00cac13d1158f31b58f2e348dc9829c2549674049bc2a421c2a0cfe772ae35c9 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

00cac13d11...c9.exe

windows7-x64

9

00cac13d11...c9.exe

windows10-2004-x64

9

Resubmissions

06-08-2024 01:35

240806-bzplyayhpd 9

03-04-2024 06:21

240403-g4fgqaaf33 9

Sharing

General

Target

00cac13d1158f31b58f2e348dc9829c2549674049bc2a421c2a0cfe772ae35c9
Size

8.9MB
Sample

240403-g4fgqaaf33
MD5

63267d8b3821c488964c7f5dc21ce5f4
SHA1

82aceae9a96708e33d3273412ed9d2f1a6581576
SHA256

00cac13d1158f31b58f2e348dc9829c2549674049bc2a421c2a0cfe772ae35c9
SHA512

75749f274172d15337637c0273576cf0317d713a614baaebbca286fb408f6e28efc3001972dff84b112495169c90279b00f8cf2682345e7ca544a2a09ecf5035
SSDEEP

196608:KhUC3fTTEi1xkEqX2PM+PX4SQV6jyi+S7l9I6SI78Bjn5:KhUs/EJS/jkPI4

Score

9^/10

aspackv2 evasion

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

00cac13d1158f31b58f2e348dc9829c2549674049bc2a421c2a0cfe772ae35c9.exe

Resource

win7-20240220-en

aspackv2 evasion

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

00cac13d1158f31b58f2e348dc9829c2549674049bc2a421c2a0cfe772ae35c9.exe

Resource

win10v2004-20240226-en

aspackv2 evasion

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  00cac13d1158f31b58f2e348dc9829c2549674049bc2a421c2a0cfe772ae35c9
- Size
  
  8.9MB
- MD5
  
  63267d8b3821c488964c7f5dc21ce5f4
- SHA1
  
  82aceae9a96708e33d3273412ed9d2f1a6581576
- SHA256
  
  00cac13d1158f31b58f2e348dc9829c2549674049bc2a421c2a0cfe772ae35c9
- SHA512
  
  75749f274172d15337637c0273576cf0317d713a614baaebbca286fb408f6e28efc3001972dff84b112495169c90279b00f8cf2682345e7ca544a2a09ecf5035
- SSDEEP
  
  196608:KhUC3fTTEi1xkEqX2PM+PX4SQV6jyi+S7l9I6SI78Bjn5:KhUs/EJS/jkPI4
Score

9^/10

aspackv2 evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2evasion

behavioral2

aspackv2evasion

© 2018-2025

Terms | Privacy