e8f5608b361e6c9a35b4cdc5bf0a386a9e00d77d0d6efb12149f30ebcdae33fc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

76d0bcdfd638f4ef0c4385b0148bdf3d_JaffaCakes118
Size

41KB
Sample

240727-dh5ypstakr
MD5

76d0bcdfd638f4ef0c4385b0148bdf3d
SHA1

8db4cc8d2a8d1757012a22c0b60db2f0ca219f18
SHA256

e8f5608b361e6c9a35b4cdc5bf0a386a9e00d77d0d6efb12149f30ebcdae33fc
SHA512

42a312917131ff941b0e4008901afc6241fe3f3ea4f756ccd0af321f65135ae1910975b2646a3d3ca2f7548bde42c7418ace0a68bfb8a42c16d8ebaac014bdb9
SSDEEP

768:6x2ZiddEC7lRaqtcSI3QpG3bvb2m9RkUT4rdlnjUsWc5ax3deVFv0fGJPLVbPi:6ATWlsCNI3bvyyb2FjUmMe+GJP5ji

Score

8^/10

aspackv2 discovery persistence

Malware Config

Targets

- Target
  
  76d0bcdfd638f4ef0c4385b0148bdf3d_JaffaCakes118
- Size
  
  41KB
- MD5
  
  76d0bcdfd638f4ef0c4385b0148bdf3d
- SHA1
  
  8db4cc8d2a8d1757012a22c0b60db2f0ca219f18
- SHA256
  
  e8f5608b361e6c9a35b4cdc5bf0a386a9e00d77d0d6efb12149f30ebcdae33fc
- SHA512
  
  42a312917131ff941b0e4008901afc6241fe3f3ea4f756ccd0af321f65135ae1910975b2646a3d3ca2f7548bde42c7418ace0a68bfb8a42c16d8ebaac014bdb9
- SSDEEP
  
  768:6x2ZiddEC7lRaqtcSI3QpG3bvb2m9RkUT4rdlnjUsWc5ax3deVFv0fGJPLVbPi:6ATWlsCNI3bvyyb2FjUmMe+GJP5ji
Score

8^/10

aspackv2 discovery persistence
- Adds policy Run key to start application
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2discoverypersistence

behavioral2

aspackv2discoverypersistence