General

  • Target

    SecuriteInfo.com.Exploit.Siggen3.17232.29868.20236

  • Size

    33KB

  • Sample

    220816-jldlhshab6

  • MD5

    90512b064db1da60fb41f392c8cbb762

  • SHA1

    9cd8187d0b2b1f7c8f0ce349ea2e49cbcbc41620

  • SHA256

    e46d810b92a54d8b1b0041ccda70476999d5c6e59398727cac8b83bd3fe4d9a6

  • SHA512

    1c34ce983821ed368251b48174867d663e9b1596d39d763efa0caa1b08d07eea78533d4e17755b4abf0a16047822f90b80834f0faf800cc62669fae01257ae6e
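Before starting analysis it is worth confirming that the file on disk is the sample this report describes, since the name SecuriteInfo.com.Exploit.Siggen3.17232.29868.20236 is a vendor detection label rather than a stable identifier. The script below is an added example, not part of the report: it reads the file once, feeds every chunk to all four digests listed above, and compares them in constant time. The size check is a rounded-kilobyte comparison, an assumption made because the report gives "33KB" rather than an exact byte count.

```python
import hashlib
import hmac
import io

# Identifiers exactly as listed in the report's General section.
REPORTED = {
    "size_kb": 33,
    "md5": "90512b064db1da60fb41f392c8cbb762",
    "sha1": "9cd8187d0b2b1f7c8f0ce349ea2e49cbcbc41620",
    "sha256": "e46d810b92a54d8b1b0041ccda70476999d5c6e59398727cac8b83bd3fe4d9a6",
    "sha512": "1c34ce983821ed368251b48174867d663e9b1596d39d763efa0caa1b08d07eea"
              "78533d4e17755b4abf0a16047822f90b80834f0faf800cc62669fae01257ae6e",
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(fobj, chunk_size=1 << 16):
    """Hash a file-like object in a single pass, updating all four digests per chunk.

    Returns {"size": <bytes read>, "md5": <hex>, "sha1": <hex>, "sha256": <hex>, "sha512": <hex>}.
    """
    hashers = {name: hashlib.new(name) for name in ALGOS}
    size = 0
    while True:
        chunk = fobj.read(chunk_size)
        if not chunk:
            break
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    result = {name: h.hexdigest() for name, h in hashers.items()}
    result["size"] = size
    return result


def verify_sample(data, expected=REPORTED):
    """Compare a sample (bytes or a path) against the report's identifiers.

    Returns {check_name: bool}. Hash comparison is case-insensitive and constant-time
    (hmac.compare_digest). The size check compares only the rounded KB figure because
    the report lists "33KB", not an exact length (assumption).
    """
    fobj = io.BytesIO(data) if isinstance(data, (bytes, bytearray)) else open(data, "rb")
    with fobj:
        actual = digest_stream(fobj)
    checks = {}
    for name in ALGOS:
        if name in expected:
            checks[name] = hmac.compare_digest(actual[name].lower(), expected[name].lower())
    if "size_kb" in expected:
        checks["size_kb"] = round(actual["size"] / 1024) == expected["size_kb"]
    return checks


def all_match(data, expected=REPORTED):
    """True only if every identifier the report lists matches the file."""
    return all(verify_sample(data, expected).values())


if __name__ == "__main__":
    import sys
    # Usage: python verify_sample.py <path-to-sample>
    for check, ok in verify_sample(sys.argv[1]).items():
        print(f"{check:8s} {'OK' if ok else 'MISMATCH'}")
```

If any hash mismatches, you are not looking at the sample this report analysed (a repacked or partially downloaded copy, or a different file that happens to carry the same detection name), and none of the behaviour below should be assumed to apply to it.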

Score
10/10

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
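The two signatures above are both process-lineage checks: the first fires when a process that normally only renders content (an Office application or PDF reader) spawns a child it has no reason to, and the second when a process on a blocklist initiates an outbound connection. The report does not name the processes involved in this sample, so the script below is an added example rather than the sandbox's own logic: it replays constructed process-creation and network-connect events, resolves each child's parent by pid, taints every descendant of an unexpected child, and reports both signatures. The allow-list of expected children and the network blocklist are illustrative assumptions.

```python
import csv
import io

# Assumed allow-list: children a document-handling parent is expected to spawn.
# Illustrative assumption for this example; the report does not list these values.
EXPECTED_CHILDREN = {
    "winword.exe": {"splwow64.exe"},
    "excel.exe": {"splwow64.exe"},
    "powerpnt.exe": {"splwow64.exe"},
    "acrord32.exe": {"acrocef.exe", "rdrcef.exe"},
}

# Assumed blocklist of binaries that should not be initiating network connections
# on their own (a small LOLBin-style list, not the sandbox's actual blocklist).
NETWORK_BLOCKLIST = {
    "mshta.exe", "regsvr32.exe", "rundll32.exe",
    "certutil.exe", "schtasks.exe", "wscript.exe",
}

# Constructed event log (not from the report): kind,pid,ppid,image,destination
SAMPLE_LOG = """\
process,4120,3988,C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE,
process,4260,4120,C:\\Windows\\splwow64.exe,
process,4388,4120,C:\\Windows\\System32\\cmd.exe,
process,4412,4388,C:\\Windows\\System32\\schtasks.exe,
process,4500,4388,C:\\Windows\\System32\\mshta.exe,
network,4500,,C:\\Windows\\System32\\mshta.exe,203.0.113.10:443
network,4120,,C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE,203.0.113.10:443
"""


def image_name(path):
    """Lower-cased basename of a Windows or POSIX image path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_events(text):
    """Parse the CSV event log into dicts with normalised image names."""
    events = []
    for kind, pid, ppid, image, dest in csv.reader(io.StringIO(text)):
        events.append({
            "kind": kind,
            "pid": int(pid),
            "ppid": int(ppid) if ppid else None,
            "image": image_name(image),
            "dest": dest or None,
        })
    return events


def evaluate(events):
    """Replay events in order; return a list of (signature, detail) findings.

    The pid->image table is built as events arrive, so a parent is resolved by
    pid even when the log carries no parent image. Descendants of a flagged
    child inherit a 'tainted' mark so later activity is attributed to the
    original unexpected spawn.
    """
    images = {}      # pid -> image basename
    tainted = set()  # pids descended from an unexpected child
    findings = []
    for e in events:
        if e["kind"] == "process":
            parent = images.get(e["ppid"], "")
            images[e["pid"]] = e["image"]
            if e["ppid"] in tainted:
                tainted.add(e["pid"])
            if parent in EXPECTED_CHILDREN and e["image"] not in EXPECTED_CHILDREN[parent]:
                tainted.add(e["pid"])
                findings.append(("unexpected_child",
                                 f"{parent} -> {e['image']} (pid {e['pid']})"))
        elif e["kind"] == "network":
            image = e["image"] or images.get(e["pid"], "")
            if image in NETWORK_BLOCKLIST:
                origin = " via compromised parent" if e["pid"] in tainted else ""
                findings.append(("blocklisted_network",
                                 f"{image} -> {e['dest']} (pid {e['pid']}){origin}"))
    return findings


def signatures(events):
    """Set of signature names that fired, mirroring the report's two bullets."""
    return {sig for sig, _ in evaluate(events)}


if __name__ == "__main__":
    for sig, detail in evaluate(parse_events(SAMPLE_LOG)):
        print(f"{sig:20s} {detail}")
```

Note what the allow-list approach does and does not catch: cmd.exe spawned by WINWORD.EXE is flagged regardless of its command line, but the later schtasks.exe launched from that cmd.exe is only tainted, not reported on its own, because cmd.exe has no expected-children entry. In production the taint would feed the scheduled-task (T1053) signature rather than being dropped.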

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                      Count  ID
  Execution              Scheduled Task                 1      T1053
  Persistence            Scheduled Task                 1      T1053
  Privilege Escalation   Scheduled Task                 1      T1053
  Defense Evasion        Modify Registry                1      T1112
  Discovery              Query Registry                 2      T1012
  Discovery              System Information Discovery   2      T1082
  Discovery              Remote System Discovery        1      T1018

Tasks