275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f | Triage

Submit
Reports

Overview

overview

8

Static

static

1

EICAR.txt

windows10-ltsc_2021-x64

8

Resubmissions

23/03/2025, 19:10

250323-xvmsfa11gt 10

23/03/2025, 18:49

250323-xglyzsvn17 8

23/03/2025, 18:23

250323-w1gb6str12 8

23/03/2025, 18:13

250323-wtvk8azwcy 8

23/03/2025, 18:01

250323-wlzvzatlz3 10

23/03/2025, 17:38

250323-v722saywcy 10

23/03/2025, 17:35

250323-v53kjayve1 10

23/03/2025, 17:27

250323-v1pswasnw2 10

23/03/2025, 15:05

250323-sf8n5sylt7 8

23/03/2025, 14:52

250323-r8x8faxrx9 8

Sharing

General

Target

EICAR.txt
Size

68B
Sample

250323-xglyzsvn17
MD5

44d88612fea8a8f36de82e1278abb02f
SHA1

3395856ce81f2b7382dee72602f798b642f14140
SHA256

275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
SHA512

cc805d5fab1fd71a4ab352a9c533e65fb2d5b885518f4e565e68847223b8e6b85cb48f3afad842726d99239c9e36505c64b0dc9a061d9e507d833277ada336ab

Score

8^/10

aspackv2 defense_evasion discovery motw phishing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

EICAR.txt

Resource

win10ltsc2021-20250314-de

aspackv2 defense_evasion discovery motw phishing

windows10-ltsc_2021-x64

27 signatures

300 seconds

Malware Config

Targets

- Target
  
  EICAR.txt
- Size
  
  68B
- MD5
  
  44d88612fea8a8f36de82e1278abb02f
- SHA1
  
  3395856ce81f2b7382dee72602f798b642f14140
- SHA256
  
  275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
- SHA512
  
  cc805d5fab1fd71a4ab352a9c533e65fb2d5b885518f4e565e68847223b8e6b85cb48f3afad842726d99239c9e36505c64b0dc9a061d9e507d833277ada336ab
Score

8^/10

aspackv2 defense_evasion discovery motw phishing
- Downloads MZ/PE file
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Mark of the Web detected: This indicates that the page was originally saved or cloned.
  phishing motw
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2defense_evasiondiscoverymotwphishing

© 2018-2025

Terms | Privacy