370abddcc90e3fe150dc4e57dcfc237a906cd328d209c9657fdd2db662285e28 | Triage

Resubmissions

11/12/2024, 00:30

241211-at1ata1pdm 10

25/09/2024, 08:51

240925-ksf6nayhlb 10

25/09/2024, 08:42

240925-kl2h1syenb 10

25/09/2024, 08:37

240925-kjg2laydlh 10

25/09/2024, 08:29

240925-kdnl7avgkq 10

Sharing

General

Target

spf.exe
Size

74.3MB
Sample

241211-at1ata1pdm
MD5

080f818c1eee78a599b8402962ee5593
SHA1

e929908842d65b784a2b98041fd563447e085c94
SHA256

370abddcc90e3fe150dc4e57dcfc237a906cd328d209c9657fdd2db662285e28
SHA512

f6e2acdc25824381e4108ce5cf30360020f16f2d2810bc9d47bc83e02d80b090e0f5b1d3f5f0fbbf318bccf0850e967e98a1755b5a467b44c97d4bdbe7a8cc0a
SSDEEP

1572864:UCF/QoAcEwBtXTjLnyn7PmhM2QbnzdLaXqVa:s/uD/Ia0JLat

Score

10^/10

evasion execution persistence

Malware Config

Targets

- Target
  
  spf.exe
- Size
  
  74.3MB
- MD5
  
  080f818c1eee78a599b8402962ee5593
- SHA1
  
  e929908842d65b784a2b98041fd563447e085c94
- SHA256
  
  370abddcc90e3fe150dc4e57dcfc237a906cd328d209c9657fdd2db662285e28
- SHA512
  
  f6e2acdc25824381e4108ce5cf30360020f16f2d2810bc9d47bc83e02d80b090e0f5b1d3f5f0fbbf318bccf0850e967e98a1755b5a467b44c97d4bdbe7a8cc0a
- SSDEEP
  
  1572864:UCF/QoAcEwBtXTjLnyn7PmhM2QbnzdLaXqVa:s/uD/Ia0JLat
Score

10^/10

evasion execution persistence
- Disables service(s)
  evasion execution
- Stops running service(s)
  evasion execution
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Power Settings

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecutionpersistence

behavioral2

evasionexecutionpersistence