28f582d03477d3d89ea92d7cf093a0b6f7f4c97c23ffe4f49fe5cca25f34e260 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

28f582d034...60.exe

windows7-x64

9

28f582d034...60.exe

windows10-2004-x64

9

Sharing

General

Target

28f582d03477d3d89ea92d7cf093a0b6f7f4c97c23ffe4f49fe5cca25f34e260
Size

8.9MB
Sample

240420-g5ea2sbc2w
MD5

f281abd8226e385f65dba548ceeb6880
SHA1

30e3ac41b5cc46e0f05dd376f1ef5a8fcd578f59
SHA256

28f582d03477d3d89ea92d7cf093a0b6f7f4c97c23ffe4f49fe5cca25f34e260
SHA512

e9d909a2a56417ace8c406a503b3b6347c56f1e69799a4a540886bfcd9d7296e050ade08be3bec3f4694331ce192a73cd0f54d3256150199a4b5cbcbdfa1bc4f
SSDEEP

196608:41O9+q/coflcLhLz41UglDDP1qRfQuobWdbmJ6H++f:41lq/Z0vYDZqRIbibD3

Score

9^/10

aspackv2 evasion

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

28f582d03477d3d89ea92d7cf093a0b6f7f4c97c23ffe4f49fe5cca25f34e260.exe

Resource

win7-20240221-en

aspackv2 evasion

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

28f582d03477d3d89ea92d7cf093a0b6f7f4c97c23ffe4f49fe5cca25f34e260.exe

Resource

win10v2004-20240226-en

aspackv2 evasion

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  28f582d03477d3d89ea92d7cf093a0b6f7f4c97c23ffe4f49fe5cca25f34e260
- Size
  
  8.9MB
- MD5
  
  f281abd8226e385f65dba548ceeb6880
- SHA1
  
  30e3ac41b5cc46e0f05dd376f1ef5a8fcd578f59
- SHA256
  
  28f582d03477d3d89ea92d7cf093a0b6f7f4c97c23ffe4f49fe5cca25f34e260
- SHA512
  
  e9d909a2a56417ace8c406a503b3b6347c56f1e69799a4a540886bfcd9d7296e050ade08be3bec3f4694331ce192a73cd0f54d3256150199a4b5cbcbdfa1bc4f
- SSDEEP
  
  196608:41O9+q/coflcLhLz41UglDDP1qRfQuobWdbmJ6H++f:41lq/Z0vYDZqRIbibD3
Score

9^/10

aspackv2 evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

aspackv2evasion

behavioral2

aspackv2evasion

© 2018-2024

Terms | Privacy