04cb26cd6f38cb1e0fe17d983c0d350646004949334bd920056fbd8ed92f2013 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e857005ae7f5abb3b45062df130cf410.zip
Size

2.0MB
Sample

240906-3cft3asgpj
MD5

26ea82806c1570d6a2b16af84307c27b
SHA1

320435734cf2e5289f8dc9a65e027c7628ed1579
SHA256

04cb26cd6f38cb1e0fe17d983c0d350646004949334bd920056fbd8ed92f2013
SHA512

438e36aaf0670bb860d46d057076506a0f31ec5c75132d7b7891d15966f66ae5356d21b6db1b9ee65ec0618cf8f260bbd79caa5cdc2d18e11bd85aaf2125392d
SSDEEP

49152:tz91gJhB7E12a87iEaUdtdUS9sMHFI0X+C/GI05FsTEZVWOo8eqf:Jg9R7FPdhFI05uKYqOo0f

Score

7^/10

aspackv2 discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  6f51dd9afb8f1e9211a988209d131a193dd37c317fac3017d238de66bbddd64d
- Size
  
  5.1MB
- MD5
  
  e857005ae7f5abb3b45062df130cf410
- SHA1
  
  6d2c8e7905686e4e80953523f6d44f76a3334d01
- SHA256
  
  6f51dd9afb8f1e9211a988209d131a193dd37c317fac3017d238de66bbddd64d
- SHA512
  
  b674821c64aaf785bce07893cbfa14612bc2131261132c00690c117ef4cfaf72844849e4f6758751f2367852198b57096719ebf5880b2310493c798c984c2f41
- SSDEEP
  
  49152:7ToTMdsKrToTMdsKGToTMdsKrToTMdsKkToTMdsKrToTMdsKGToTMdsKrToTMdsK:
Score

7^/10

aspackv2 discovery persistence spyware stealer
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2discoverypersistencespywarestealer

behavioral2

aspackv2discoverypersistencespywarestealer