General

  • Target

    SecuriteInfo.com.Exploit.Siggen3.17149.24514.10320

  • Size

    38KB

  • Sample

    220816-jldlhsebgq

  • MD5

    afa76d3ab56a161493ecc311224d06ff

  • SHA1

    b0e04d456edc5234a34f48521338fc3b6130ad2f

  • SHA256

    4fade6fb7db66d7b5fd5b92289e105ac4dc656d18164a912a624e9809dbfaae6

  • SHA512

    1bc31253503b00d34e1cfb4311683477454d1488e7bcdf6a3f1a640ae36be552f0ceb4d97cd45f44587a9fee588740d9541ab9919730b55650a379377a2396ac

Score
10/10

Malware Config

Extracted

  Language   hta
  Source     hta.dropper
  URLs       http://facextrade.com.br/wp-includes/certificates/4.txt

Targets

    • Target

      SecuriteInfo.com.Exploit.Siggen3.17149.24514.10320

    • Size

      38KB

    • MD5 / SHA1 / SHA256 / SHA512

      Identical to the sample hashes listed under General above (single-target analysis).

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
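The two signatures above (an unexpected child process, and a blocklisted process making a network request) are what a detection engineer would want to reproduce on endpoint telemetry. The Python below is an example added here; it is not code from the Triage report or from the sample. It assumes the HTA is executed by mshta.exe (the report does not name the process) and uses generic, editor-supplied parent/child and network blocklists rather than Triage's own rules, combines them with the hash and URL indicators printed on this page, and runs everything over a handful of constructed Sysmon-style events.

```python
"""Detection logic for the two signatures raised on this sample, run over
constructed events. Added example; not Triage's ruleset and not from the report.
Assumptions not stated on the page: the HTA runs under mshta.exe, and the
parent/child and network blocklists below are generic, not Triage's."""
from urllib.parse import urlparse

# Indicators copied from the report above.
IOC_SHA256 = "4fade6fb7db66d7b5fd5b92289e105ac4dc656d18164a912a624e9809dbfaae6"
IOC_URL = "http://facextrade.com.br/wp-includes/certificates/4.txt"
IOC_HOST = urlparse(IOC_URL).hostname

# Assumed generic lists (editor-supplied, not from the page).
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
UNEXPECTED_CHILDREN = {"powershell.exe", "cmd.exe", "rundll32.exe",
                       "regsvr32.exe", "certutil.exe", "mshta.exe"}
NETWORK_BLOCKLIST = {"mshta.exe", "rundll32.exe", "regsvr32.exe",
                     "certutil.exe", "wscript.exe", "cscript.exe"}


def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_unexpected_child(event):
    """Signature 1: a document viewer or script host spawning a shell/LOLBin."""
    parent = image_name(event["parent_image"])
    child = image_name(event["image"])
    return parent in (SCRIPT_HOSTS | OFFICE_APPS) and child in UNEXPECTED_CHILDREN


def is_blocklisted_network(event):
    """Signature 2: a blocklisted image opening an outbound connection."""
    return image_name(event["image"]) in NETWORK_BLOCKLIST


def ioc_hits(event):
    """Direct matches on the SHA256 and URL/host taken from the report."""
    hits = []
    if event.get("sha256", "").lower() == IOC_SHA256:
        hits.append("sha256")
    if event.get("url") == IOC_URL:
        hits.append("url")
    elif event.get("dest_host", "").lower() == IOC_HOST:
        hits.append("host")
    return hits


def analyze(events):
    """Run every check; return (rule, detail) tuples for each event that fires."""
    alerts = []
    for ev in events:
        if ev["type"] == "process_create" and is_unexpected_child(ev):
            alerts.append(("unexpected_child",
                           image_name(ev["parent_image"]) + " -> " + image_name(ev["image"])))
        if ev["type"] == "network" and is_blocklisted_network(ev):
            alerts.append(("blocklisted_network", image_name(ev["image"])))
        for hit in ioc_hits(ev):
            alerts.append(("ioc_" + hit, ev.get("image", ev.get("path", "?"))))
    return alerts


# Constructed sample telemetry (Sysmon-style fields); not taken from the report.
SAMPLE_EVENTS = [
    {"type": "file_create", "path": r"C:\Users\u\Downloads\invoice.hta", "sha256": IOC_SHA256},
    {"type": "process_create", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe"},
    {"type": "network", "image": r"C:\Windows\System32\mshta.exe",
     "dest_host": "facextrade.com.br", "url": IOC_URL},
    {"type": "process_create", "parent_image": r"C:\Windows\System32\mshta.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"type": "process_create", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe"},
    {"type": "network", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dest_host": "example.org", "url": "https://example.org/"},
]

if __name__ == "__main__":
    for rule, detail in analyze(SAMPLE_EVENTS):
        print(f"{rule:20s} {detail}")
```

Running it against the constructed events fires four alerts: the hash match on the dropped file, the blocklisted-process network connection and the URL match on the same mshta.exe event, and the mshta.exe -> powershell.exe spawn; the explorer.exe -> notepad.exe spawn and the browser's connection stay quiet. The URL check is exact and the host check is only a fallback, so a path change on the same host is still caught, while the SHA256 check naturally misses any re-packed variant of the HTA.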

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                      Count  ID
  Defense Evasion  Modify Registry                1      T1112
  Discovery        Query Registry                 2      T1012
  Discovery        System Information Discovery   2      T1082
  Discovery        Remote System Discovery        1      T1018

Tasks