Overview

overview

8

Static

static

3

6205258238...0N.exe

windows7-x64

8

6205258238...0N.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6205258238262bc732ae664e9aee3bd0N.exe

  • Size

    120KB

  • Sample

    240822-y43qpayell

  • MD5

    6205258238262bc732ae664e9aee3bd0

  • SHA1

    5dea4b03e387dc13f168cd98e866afa8c58075ff

  • SHA256

    a64f14f7064ea3fdcca18b6c65520fb20d2b9649f539c6399f5d87e030b72238

  • SHA512

    0f689ae42137d7a1e1ede059bd96b4257d3c1d8979eee1b8ce9205ba973741a668bf56a9dd91a408b226dd4d56c51876f39c350468da40da2d63d15a9e6deaa5

  • SSDEEP

    1536:aJUGCqveEeXdTeG4wu6oQuwEhQQWKXJR721rSTdk/cpAKdlaKrorkgA55i:aHFveEyTAK7VKXXS1GT7AKzaKrtP55i

Score
8/10
aspackv2bootkitdiscoverypersistencespywarestealer

Malware Config

Targets

    • Target

      6205258238262bc732ae664e9aee3bd0N.exe

    • Size

      120KB

    • MD5

      6205258238262bc732ae664e9aee3bd0

    • SHA1

      5dea4b03e387dc13f168cd98e866afa8c58075ff

    • SHA256

      a64f14f7064ea3fdcca18b6c65520fb20d2b9649f539c6399f5d87e030b72238

    • SHA512

      0f689ae42137d7a1e1ede059bd96b4257d3c1d8979eee1b8ce9205ba973741a668bf56a9dd91a408b226dd4d56c51876f39c350468da40da2d63d15a9e6deaa5

    • SSDEEP

      1536:aJUGCqveEeXdTeG4wu6oQuwEhQQWKXJR721rSTdk/cpAKdlaKrorkgA55i:aHFveEyTAK7VKXXS1GT7AKzaKrtP55i

    Score
    8/10
    aspackv2bootkitdiscoverypersistencespywarestealer

    • Blocklisted process makes network request

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

2
T1012

Remote System Discovery

1
T1018

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks