b2e8dbdaf60dbf348e715a5643a767cbd5eeabd0699988eedc78eb80595d0f5d | Triage

Sharing

General

Target

SpoofX.exe
Size

2.9MB
Sample

241221-r2f1ks1pgk
MD5

bafe98fde65f7b51b1f2a1dbc62a6c88
SHA1

1bf16c146dedf6bb2e6a272abb8c9883525a9649
SHA256

b2e8dbdaf60dbf348e715a5643a767cbd5eeabd0699988eedc78eb80595d0f5d
SHA512

9219fef6ec1438964d5aa7c1813f852ce581491025d7e9448095ca4416de951f4fc68361c2bc5460154407f4aca4a4270ed5b72b3d3c5c98df1815405de97765
SSDEEP

49152:ttGrOk4cHGD8Y9f3/QKYQ+C4ykOdSmssUnlKn2jybt:UOxc6GNM1M+

Score

10^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  SpoofX.exe
- Size
  
  2.9MB
- MD5
  
  bafe98fde65f7b51b1f2a1dbc62a6c88
- SHA1
  
  1bf16c146dedf6bb2e6a272abb8c9883525a9649
- SHA256
  
  b2e8dbdaf60dbf348e715a5643a767cbd5eeabd0699988eedc78eb80595d0f5d
- SHA512
  
  9219fef6ec1438964d5aa7c1813f852ce581491025d7e9448095ca4416de951f4fc68361c2bc5460154407f4aca4a4270ed5b72b3d3c5c98df1815405de97765
- SSDEEP
  
  49152:ttGrOk4cHGD8Y9f3/QKYQ+C4ykOdSmssUnlKn2jybt:UOxc6GNM1M+
Score

10^/10

discovery evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence