Overview

overview

8

Static

static

1

URLScan

urlscan

1

http://wearedevs.net

windows11-21h2-x64

8

Resubmissions

25-12-2024 21:57

241225-1t158ayqfv 10

25-12-2024 21:55

241225-1sr6xsyqcw 10

25-12-2024 21:42

241225-1kqywsymhs 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    http://wearedevs.net

  • Sample

    241225-1kqywsymhs

Score
8/10
aspackv2defense_evasiondiscoveryevasionpersistencephishingransomware

Malware Config

Targets

    • Target

      http://wearedevs.net

    Score
    8/10
    aspackv2defense_evasiondiscoveryevasionpersistencephishingransomware

    • Disables Task Manager via registry modification

      evasion

    • Downloads MZ/PE file

    • A potential corporate email address has been identified in the URL: sweetalert2@10

      phishing

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks