General
Target: https://github.com/SecHex/SecHex-Spoofy
Sample: 240822-m75tnstdjc
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://github.com/SecHex/SecHex-Spoofy
Resource: win10v2004-20240802-en (windows10-2004-x64)
25 signatures
300 seconds
Malware Config
Targets
-
-
Target
https://github.com/SecHex/SecHex-Spoofy

Signatures
- Modifies RDP port number used by Windows
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
  The submitted target is itself a github.com URL, so this signature fires on the hosting domain and is not, on its own, evidence of command-and-control traffic.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Remote Services: SMB/Windows Admin Shares
  Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
MITRE ATT&CK Matrix (ATT&CK v13)
Discovery
- Query Registry (T1012): 6
- System Information Discovery (T1082): 5
- Peripheral Device Discovery (T1120): 2
- Browser Information Discovery (T1217): 1
- System Location Discovery (T1614): 1
- System Language Discovery (T1614.001): 1