General

  • Target

    SecuriteInfo.com.Exploit.Siggen3.17149.4633.3661

  • Size

    38KB

  • Sample

    220816-jlyxfsebhn

  • MD5

    33a12b2b07ecd6d349f4d149aae3103a

  • SHA1

    1701f6a80e859aaed17ecd99dac0bda7d7e66fcb

  • SHA256

    ea6e71f6371f871da6829a35496a63bf02f162a38ee6e89e16b33b7b76e874a5

  • SHA512

    ce7a4683c28ae562e32ee3130d6a9bc01889ca52609c462e232eae9c960aacd90780e579b2cbb65a0b0e482e42f75018b0754f1e8a1c9ee96fae97777fa38150

Score
10/10

Malware Config

Extracted

  • Language

    hta

  • Source

    hta.dropper

  • URLs

    http://facextrade.com.br/wp-includes/certificates/4.txt

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

    Remote System Discovery (T1018): 1