General

  • Target

    SecuriteInfo.com.Exploit.Siggen2.12288.27237.7429

  • Size

    170KB

  • Sample

    200801-kqxl854lxa

  • MD5

    2fb02ab60274d396a7c01d5917ff21ec

  • SHA1

    cc78cb81517d7b18434964dd029efb6e06857e96

  • SHA256

    e547fe2a6107ee0731916d3a03179c18b54bf227ea86eed3cadf25fd0df77901

  • SHA512

    f00a3c380c7e23d546aee05f528aae402c0102de1988da4436616be7cd0ed1ba3e499b78c77dbfe628d544aa45c6426775d8442ca4816dcafdda52b2cf03030a

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    http://iclebyte.com/uPD6c443/
    http://iberfoods.com/site/UHaa7627/
    http://yumiwong.com/img/Hct998/
    http://www.ymdc786.com/connectors/0u9462/
    https://yusufpaintings.com/cgi-bin/symNCd/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks