General

  • Target

    SecuriteInfo.com.Exploit.Siggen3.17232.16558.13191

  • Size

    33KB

  • Sample

    220816-jldlhsebgp

  • MD5

    1d5e697a9549b96a548a76b59eb4e64c

  • SHA1

    413e5fa05e80aa4d7cc13ffe22830f4afc9c0d2f

  • SHA256

    8fe23c29ba0570ad4b2fa152702380863429f97280d3ce26f4194e2593db45c2

  • SHA512

    28a71baaa8462064187172f85da123771a44fd70c33ba23e7bb42b66032eaa7edebc3a93952336d922387cd0bd553e34c847618ac7d3c942500ea53663bc63a0

Score
10/10

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

    Remote System Discovery (T1018): 1

Tasks