General
-
Target
SecuriteInfo.com.Exploit.Siggen2.12169.12560.17671
-
Size
172KB
-
Sample
200801-k3d77ewq1n
-
MD5
b723bffd3d4b6b7fa028d2a20c5f0921
-
SHA1
7588128c5ae380846647b8219de31b62e0ec3fd2
-
SHA256
28e85a8022d13e3eae9c98b2befa55c01ad65cb6de39ef857d7a8f6c2153a84d
-
SHA512
a97c3b5ab5ce88fd249bed5bfb95a0557caff5edb3cb7b1bdefaaf612ae4c7cd6df370a4cb9c14f40744d1b88c61db416da1802fb9304355e13938c78c34f24b
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Exploit.Siggen2.12169.12560.17671.doc
Resource
win7
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Exploit.Siggen2.12169.12560.17671.doc
Resource
win10
Malware Config
Extracted
http://www.hatchdogs.com/assets/XIw/
https://groovyboove.co.uk/blogs/8T94mmdka13/
https://gregemerson.com/wp-includes/hudy17240/
http://guariz.com.br/WuutjlO/
http://hafder.com/images/fhq7h7babdbe5q5052/
Targets
Target
SecuriteInfo.com.Exploit.Siggen2.12169.12560.17671
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blacklisted process makes network request
-
Drops file in System32 directory
-