1f16e460285728f7f5f707501d81aaf2d0c9a53978ca9fef100991016718a8f5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ba8e2077554a39d9902f3d217e8c2ef2_JaffaCakes118
Size

190KB
Sample

240823-gb5k5szfnm
MD5

ba8e2077554a39d9902f3d217e8c2ef2
SHA1

b965572d475b6ac68ba8bd449807b10bbbc35b90
SHA256

1f16e460285728f7f5f707501d81aaf2d0c9a53978ca9fef100991016718a8f5
SHA512

9d03e2921908deb41b8e301f6fc133c65ba2705f6088f68b9d5273ce49e203b206ad4a3d874cfe29046aa4bbae74277f7863e01b4afad454dfb610a89604dd29
SSDEEP

3072:Lf8El69GIwBDU/5etbKYfBZ9bv7ekjntNDwNkNPjT+J/bTDhu+YybSO/oew:gEl69GIwBC5EDBZ9bjLtN/Qb0Q/rw

Score

7^/10

aspackv2 discovery persistence

Malware Config

Targets

- Target
  
  ba8e2077554a39d9902f3d217e8c2ef2_JaffaCakes118
- Size
  
  190KB
- MD5
  
  ba8e2077554a39d9902f3d217e8c2ef2
- SHA1
  
  b965572d475b6ac68ba8bd449807b10bbbc35b90
- SHA256
  
  1f16e460285728f7f5f707501d81aaf2d0c9a53978ca9fef100991016718a8f5
- SHA512
  
  9d03e2921908deb41b8e301f6fc133c65ba2705f6088f68b9d5273ce49e203b206ad4a3d874cfe29046aa4bbae74277f7863e01b4afad454dfb610a89604dd29
- SSDEEP
  
  3072:Lf8El69GIwBDU/5etbKYfBZ9bv7ekjntNDwNkNPjT+J/bTDhu+YybSO/oew:gEl69GIwBC5EDBZ9bjLtN/Qb0Q/rw
Score

7^/10

discovery aspackv2 persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

aspackv2discoverypersistence