General

  • Target

    SecuriteInfo.com.Exploit.Siggen3.17149.6905.7305

  • Size

    38KB

  • Sample

    220816-jlfe4sebhj

  • MD5

    3bc62bd8b910eb17b12a3b69fc050571

  • SHA1

    e4b91c0b407197bbfc6cbd1b6436a69277620db5

  • SHA256

    8e2a3f67543b17ea35bc2c3bbcdbb9100fda5cb2fb90e911bef2943f76dc2bef

  • SHA512

    c28f6f593ac227dbcc9eab3ae7a52050bbd1475dfc6717fc9a78cb0f0e4162b49e4affd205e3b081e6d980c35e4e833ed9f639116eded39136744ade94b57c45

Score
10/10

Malware Config

Extracted

  • Language

    hta

  • Source

    hta.dropper

  • URLs

    http://facextrade.com.br/wp-includes/certificates/4.txt

Targets

    • Target

      SecuriteInfo.com.Exploit.Siggen3.17149.6905.7305

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

    Remote System Discovery (T1018): 1

Tasks