General
-
Target
NXT_SPF.exe
-
Size
5.5MB
-
Sample
231207-q1f4hsbe54
-
MD5
8173dac88ce0121826ca5c49c0aaa4dd
-
SHA1
08b7de769c28b945a40603cd5a987d00c40df223
-
SHA256
42ffdb67f5ed4b8139165ed5c1852448a8d91f51534807ecd4f760146f694a0b
-
SHA512
fb58f44c06e1aae9614d49eee0b6739f3e0568efb16e98f6f46f0377f319038b586e3565b56394d36c145b5c02e40e3d352fcbd3c48ab40e59b723d3bdcceb49
-
SSDEEP
98304:PmolCB6+AySU2in9TAtcjtIlFqALGaYZ2cTZyolZCdK3ZnC0ZF+eIbBQ5G64vq:OYCXAyzqtU2Fq7gcQsCd6Z5ZFxI9YGhq
Static task
static1
Behavioral task
behavioral1
Sample
NXT_SPF.exe
Resource
win10v2004-20231127-en
Behavioral task
behavioral2
Sample
NXT_SPF.exe
Resource
win11-20231129-en
Malware Config
Targets
-
-
Target
NXT_SPF.exe
-
Score
10/10
-
Modifies visibility of hidden/system files in Explorer
-
Sets service image path in registry
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution 2
Registry Run Keys / Startup Folder 2
Defense Evasion
Hide Artifacts 1
Hidden Files and Directories 1
Modify Registry 3