General

  • Target

    SecuriteInfo.com.Exploit.Siggen3.17149.21631.2242

  • Size

    38KB

  • Sample

    220816-jly78ahad2

  • MD5

    973d256bd86052c4b67af3d5c9e80fb2

  • SHA1

    fc5ec8fe64d666294a8cd533cbe0caac3cd7fa56

  • SHA256

    c70a0b74802c56a2c8d87c6d66b6e4cf52e0905b23ae685cf372a8712bfcddb9

  • SHA512

    53a229c1f48f876f379c7d24fbc3f458113c09a840c2e5d2128d5cd317bdd4cd73bfc9c035cdefdcb709b4960e16575728f2da9a9d05867a3805f9eec7c90d90

Score: 10/10

Malware Config

Extracted

  • Language

    hta

  • Source

    hta.dropper

  • URLs

    http://facextrade.com.br/wp-includes/certificates/4.txt

Targets

    • Target

      SecuriteInfo.com.Exploit.Siggen3.17149.21631.2242


    Score: 10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112) ×1

  • Discovery: Query Registry (T1012) ×2

  • Discovery: System Information Discovery (T1082) ×2

  • Discovery: Remote System Discovery (T1018) ×1

Tasks