42ffdb67f5ed4b8139165ed5c1852448a8d91f51534807ecd4f760146f694a0b | Triage

Sharing

General

Target

NXT_SPF.exe
Size

5.5MB
Sample

231207-qr2zmabd57
MD5

8173dac88ce0121826ca5c49c0aaa4dd
SHA1

08b7de769c28b945a40603cd5a987d00c40df223
SHA256

42ffdb67f5ed4b8139165ed5c1852448a8d91f51534807ecd4f760146f694a0b
SHA512

fb58f44c06e1aae9614d49eee0b6739f3e0568efb16e98f6f46f0377f319038b586e3565b56394d36c145b5c02e40e3d352fcbd3c48ab40e59b723d3bdcceb49
SSDEEP

98304:PmolCB6+AySU2in9TAtcjtIlFqALGaYZ2cTZyolZCdK3ZnC0ZF+eIbBQ5G64vq:OYCXAyzqtU2Fq7gcQsCd6Z5ZFxI9YGhq

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  NXT_SPF.exe
- Size
  
  5.5MB
- MD5
  
  8173dac88ce0121826ca5c49c0aaa4dd
- SHA1
  
  08b7de769c28b945a40603cd5a987d00c40df223
- SHA256
  
  42ffdb67f5ed4b8139165ed5c1852448a8d91f51534807ecd4f760146f694a0b
- SHA512
  
  fb58f44c06e1aae9614d49eee0b6739f3e0568efb16e98f6f46f0377f319038b586e3565b56394d36c145b5c02e40e3d352fcbd3c48ab40e59b723d3bdcceb49
- SSDEEP
  
  98304:PmolCB6+AySU2in9TAtcjtIlFqALGaYZ2cTZyolZCdK3ZnC0ZF+eIbBQ5G64vq:OYCXAyzqtU2Fq7gcQsCd6Z5ZFxI9YGhq
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence