General

  • Target

    SecuriteInfo.com.Exploit.Siggen3.17149.8245.21810

  • Size

    38KB

  • Sample

    220816-jlyxfshac4

  • MD5

    50860325a0e4f6f204c76dd262b7df6b

  • SHA1

    f096b272f012f300ebbd2536e45d97cf02852c36

  • SHA256

    6327c67ee4ae318f558e379fbfa071749113398782101c9f3beeb7310e81e725

  • SHA512

    637209224af7309a0acbbb1d51f9cf35782caf41de3924a86e6263c8136b8e074b66288af511d6a638d713d82a57fdd16ddf96b518c33589f4730ea8f8453b03

Score
10/10

Malware Config

Extracted

  Language: hta
  Source: hta.dropper
  URLs: http://facextrade.com.br/wp-includes/certificates/4.txt

Targets

  • Target

    SecuriteInfo.com.Exploit.Siggen3.17149.8245.21810 (38KB; MD5, SHA1, SHA256 and SHA512 as listed under General)

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                      Count  ID
  Defense Evasion  Modify Registry                1      T1112
  Discovery        Query Registry                 2      T1012
  Discovery        System Information Discovery   2      T1082
  Discovery        Remote System Discovery        1      T1018
