0d3e98ca727fc1201b436170af5a63f23348aaf146a3ac6234f6c4da283e8b34 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

home.php
Size

93B
Sample

240627-x53awawfrh
MD5

b0d506893d4802090edf1644f5f082cd
SHA1

4bf0d7ecb70703857c7029754fa02a7496313b63
SHA256

0d3e98ca727fc1201b436170af5a63f23348aaf146a3ac6234f6c4da283e8b34
SHA512

9a104d02dd1afb7b1d7c26715fa650c3f1519744af8f57a57c1a8d39a1d75b16d3ca5da8e6e00966ebe2d73a9983679710585318acfed67804c4856b6d1928e5

Score

10^/10

aspackv2 defense_evasion evasion execution impact ransomware

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://blockchainjoblist.com/wp-admin/014080/

exe.dropper

https://womenempowermentpakistan.com/wp-admin/paba5q52/

exe.dropper

https://atnimanvilla.com/wp-content/073735/

exe.dropper

https://yeuquynhnhai.com/upload/41830/

exe.dropper

https://deepikarai.com/js/4bzs6/

Targets

- Target
  
  home.php
- Size
  
  93B
- MD5
  
  b0d506893d4802090edf1644f5f082cd
- SHA1
  
  4bf0d7ecb70703857c7029754fa02a7496313b63
- SHA256
  
  0d3e98ca727fc1201b436170af5a63f23348aaf146a3ac6234f6c4da283e8b34
- SHA512
  
  9a104d02dd1afb7b1d7c26715fa650c3f1519744af8f57a57c1a8d39a1d75b16d3ca5da8e6e00966ebe2d73a9983679710585318acfed67804c4856b6d1928e5
Score

10^/10

aspackv2 defense_evasion evasion execution impact ransomware
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Blocklisted process makes network request
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Direct Volume Access

Impair Defenses

Disable or Modify System Firewall

Indicator Removal

File Deletion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

aspackv2defense_evasionevasionexecutionimpactransomware