General

  • Target

    NXT_SPF.exe

  • Size

    5.5MB

  • Sample

    231207-qr2zmabd57

  • MD5

    8173dac88ce0121826ca5c49c0aaa4dd

  • SHA1

    08b7de769c28b945a40603cd5a987d00c40df223

  • SHA256

    42ffdb67f5ed4b8139165ed5c1852448a8d91f51534807ecd4f760146f694a0b

  • SHA512

    fb58f44c06e1aae9614d49eee0b6739f3e0568efb16e98f6f46f0377f319038b586e3565b56394d36c145b5c02e40e3d352fcbd3c48ab40e59b723d3bdcceb49

  • SSDEEP

    98304:PmolCB6+AySU2in9TAtcjtIlFqALGaYZ2cTZyolZCdK3ZnC0ZF+eIbBQ5G64vq:OYCXAyzqtU2Fq7gcQsCd6Z5ZFxI9YGhq

Score
10/10

Malware Config

Targets

    • Target

      NXT_SPF.exe

    • Modifies visibility of hidden/system files in Explorer

    • Sets service image path in registry

    • Executes dropped EXE

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution, T1547 (2)

    • Registry Run Keys / Startup Folder, T1547.001 (2)

Privilege Escalation

  • Boot or Logon Autostart Execution, T1547 (2)

    • Registry Run Keys / Startup Folder, T1547.001 (2)

Defense Evasion

  • Hide Artifacts, T1564 (1)

    • Hidden Files and Directories, T1564.001 (1)

  • Modify Registry, T1112 (3)

Discovery

  • System Information Discovery, T1082 (2)

  • Query Registry, T1012 (1)

Command and Control

  • Web Service, T1102 (1)

Tasks