General

  • Target

    cb9e68c1aeef21345d6ccb8ba9204c70N.exe

  • Size

    2.5MB

  • Sample

    240904-2228xszake

  • MD5

    cb9e68c1aeef21345d6ccb8ba9204c70

  • SHA1

    9abd0081c032195e3558adae2d7257e895f93943

  • SHA256

    72b0e2d6f458440f5efc934651691fc1e8c44199e145c69b35fd7b5e31ad3d92

  • SHA512

    d88f83b1ecf2da7b6c80571aadf711874bc2618f7248e945e300b4b2f58d12389b24aa2d226a7143c727cc0dcbf9b2d1d4472e9f734d63b6331504d936f631d1

  • SSDEEP

    49152:enxY/VWCs9WRy7LbLr5/oP4GVKMQkW+yrBE4G6D3UQ35j:qxEswRAlO4GVrxW+yFEpK3F

Targets

    • Target

      cb9e68c1aeef21345d6ccb8ba9204c70N.exe

    • Size

      2.5MB

    • MD5

      cb9e68c1aeef21345d6ccb8ba9204c70

    • SHA1

      9abd0081c032195e3558adae2d7257e895f93943

    • SHA256

      72b0e2d6f458440f5efc934651691fc1e8c44199e145c69b35fd7b5e31ad3d92

    • SHA512

      d88f83b1ecf2da7b6c80571aadf711874bc2618f7248e945e300b4b2f58d12389b24aa2d226a7143c727cc0dcbf9b2d1d4472e9f734d63b6331504d936f631d1

    • SSDEEP

      49152:enxY/VWCs9WRy7LbLr5/oP4GVKMQkW+yrBE4G6D3UQ35j:qxEswRAlO4GVrxW+yFEpK3F

    Score
    7/10
    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    Score
    3/10
    • Target

      114IE.exe

    • Size

      3.1MB

    • MD5

      b1d8440752c728ff9e3ea2c06d2c18ad

    • SHA1

      f8bfb8f420770154704dd05c501967c7a8fd5ad2

    • SHA256

      ff72cebdb7faff45cb4be52a42af8feaf861eeda45942334f1b0e48762703093

    • SHA512

      f1f0591bb3403fc8ac7f615e309e9e80a1250d399604f11eea45c8a63c83858212008d996b4179fe05c5c856ac260c10b7388edcf96d6669cd9fe1c42e0ad2fe

    • SSDEEP

      49152:/4NwMLMoAQnfLCfT1qibSjLyB20n+J38zAU7Ebwnwp/6hYTg:/q0fT1qiOjJMeKC6hJ

    • Modifies firewall policy service

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      bin/114Web.exe

    • Size

      1.0MB

    • MD5

      59def0f8e14c0ba5c534ae4f9f3bb3b4

    • SHA1

      f9b33906e1ecc6eb5faf0e54b773e98075303d5c

    • SHA256

      ee0672c5db3bf39d8af0f9be9a417f9352ff4bbaaba00c63dbe72c9222526e7a

    • SHA512

      b2c9a40ef232be36390ac6f4c5a1ee8d2834e22f50ccbfb603ac249cb018ea8e0b083960839311e5026410ef7dfa12cbfdd3fea9a16213505dba38b6327bea18

    • SSDEEP

      12288:HXQKlAZ/J6tjjqw9uwe+uOlANGzS0Y6FclYjJgHvFXSGIWc0hf:3Dcr+uUzS0YgjuNXAWc0hf

    Score
    3/10
    • Target

      bin/Addr.dll

    • Size

      630KB

    • MD5

      708d8bc22034133228fc72f5ecf8f59b

    • SHA1

      a0d99622079b18a4fd280268028e073a82b520fd

    • SHA256

      2146c02ae47dfaff80084fe7f09b0552be1000a85ffa91314e6f3675d81ece9e

    • SHA512

      5324b037ee3f3bfc7959b348570903b92565edbdc044efed2c4fd9fc8657fdd74287653701777b3a39ba1074011893c518cba2e323dffe082090348137990cce

    • SSDEEP

      12288:OpbPmyyxz4/vf/ppXENMjpxYk3+Edz6N4BxO:QPz/vZaijpxYeLduN4LO

    Score
    3/10
    • Target

      bin/CameraDll.dll

    • Size

      261KB

    • MD5

      c94c79c7a5b5744d7207767e2e55abd9

    • SHA1

      3f688bfe890ca268a0bdb5252a5d1a066f893c59

    • SHA256

      9d8d503e48ffe0a7d167aee9fef0cfe645dc72d7c2025be7021854e9f92c3ef2

    • SHA512

      19361a90a6ed52d5cb163e4986f8dfd5324944b53de2e2351e6e4c1f1fe567905a9779d95b8a71274a04890955da69e8e3a9b8c9d3ce7a775667f34f7ebee7c9

    • SSDEEP

      6144:wjPK6XyF5LdYV7MEPkQu1DWhTBqi627nMDtd4D:wjhX49dcsQsWhTsicd4D

    Score
    3/10
    • Target

      bin/SnapShot.exe

    • Size

      37KB

    • MD5

      bc33b599a109af5998be27d62d921239

    • SHA1

      4419adba37e20a3f67116ef3fab028fb8ffed4ab

    • SHA256

      9d81a53981c81058d79d761b56cf3fa045b9c4e6a4c241f782c0ca09306fcba2

    • SHA512

      ee6e94b084785fc71e60689d673997760794ff556d9c161fe3abd2574e6c433e55e8d2948cdb847bf7edb9c521a5438b3bf7e29474829e9f907e0e1bbd3c9e09

    • SSDEEP

      768:uc2NFOarOa6VT0xOha5/xpe29XexG3lrsKlw:uc2nOsOjVJ253vG

    Score
    3/10
    • Target

      bin/TGHistory.dll

    • Size

      386KB

    • MD5

      6e9b80e1f01c99652b6aabe95c5f16d4

    • SHA1

      6ca7f87c2332debd837dd1e96645fb51554fef6b

    • SHA256

      c3173ce9e3f9caa4e7aefb4881fa0cc8d78e37f580ee192cdf9c788270bd51fb

    • SHA512

      81baba62ef10a8d4cb66e17a8cbfd5199cebbde843ea31b1c5a8cbbdc09274e1a61d7a6cb9d87ce109dff501e9a39ff505e27c92a11afc8bbe2fc87d980cb975

    • SSDEEP

      6144:DEZ+d2UnWhxJShMSHsJkiHInFRnWoi21Ixo:w6aXkF1WoVmo

    Score
    3/10
    • Target

      bin/TGMail.dll

    • Size

      9KB

    • MD5

      8bbbf695cbc8118dbf057a13f8d10bf5

    • SHA1

      dacb203dfe8dfe74c11ba8d5961fb37b8829fb7c

    • SHA256

      e5ea192caf8d62cb9867c37e61230b014ad7f7f10c46a4191fd0e0f2f5f10cfb

    • SHA512

      677b3c5a0ff2da2e649ee154d1189fd0295c6661b6c4f2772b0a56467c3ea7b5e534f1531e1b58a465337dfb98fa7123b883550b0dd32b8e7ec477535f29a0d1

    • SSDEEP

      192:0yQZrJeGEccLrOfOZfS3XuEq39SkaNrCd+vYuLGraP:0yQZdFEccLifOZf++msVs

    Score
    3/10
    • Target

      bin/TGNetWork.dll

    • Size

      422KB

    • MD5

      ff32b99d719eff7085761e2b6c3ce194

    • SHA1

      327b5251899d6764029fe2c10be5ba7251dd59c6

    • SHA256

      173e63988e25f30c87bee31a8012f4594fb458171fd6646777ded3757718e932

    • SHA512

      82db4aa4201079a86e5708d0441b2de2d9b30d7aeb0bc5d33ddacd2183fb90fddb60c30ea38d94fde63b2fb94787bda5f718dc06b5325684a1cec822d6c1712d

    • SSDEEP

      6144:yF/UZuGS7zprjHErEpZ2PBttl/V8D2xk0YZQDB+zkKk:ODGSXprjH8tfKD2W0YZQH

    Score
    3/10
    • Target

      bin/TGRes.dll

    • Size

      122KB

    • MD5

      2e3c825bb73fd6bd4b0b037005d8d54d

    • SHA1

      4862584404bc8369bd9a0385d128d1346c14584a

    • SHA256

      96b96ac1d2a9b0a93eec6928d3a4c1c207021ce501ccf75e54a291a8383f8569

    • SHA512

      8705544d8945a39af213c2b394786f93a60165bcd994ca00581c125c250f028a45d33a032bb1930b210dd364043b753ebf21c3cbf088d136df7b185ad1c61a54

    • SSDEEP

      3072:Poht8ZjxBNR14pQ635SKuWWCdjCvDFEq1J9i9zZboVbk2ArH:whtgBEQ635SKuWWCdjMDFEUe9zZUy2QH

    Score
    3/10
    • Target

      bin/shdoclc.dll

    • Size

      488KB

    • MD5

      13895c76a5c8610b2051b8bc39a3b7df

    • SHA1

      13543ccad667a2b88a5ddd6f4b478e1f929e0e46

    • SHA256

      0c0ea851a1bcd05f92956db6a8f337e80bf8c090fd1293f203556287f20a82ba

    • SHA512

      e32428957a1fecd1a3d0ed05c670b2b5bf4a18f66e9bb1265313cd04599a0235edd3a4de3036901225cedf885ab5adba374190ef9c682cb15790cc7392c2355e

    • SSDEEP

      6144:TSz4HMKqBYgejnrz52mAa0P+ptxHn8b1LS4/XYZTblhHKT2NStI:fRqWrjrj0PRz/XYZTblhHKqt

    Score
    1/10

Tasks

static1

aspackv2
Score
7/10

behavioral1

discovery
Score
7/10

behavioral2

discovery
Score
6/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

bootkit discovery evasion persistence
Score
10/10

behavioral6

bootkit discovery evasion persistence
Score
10/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

Score
1/10

behavioral24

Score
1/10