General
Target
SecuriteInfo.com.Exploit.Siggen2.12183.28160.28092
Size
174KB
Sample
200801-p8wvyzllh6
MD5
3c20d0817d04e702fd5166fc3ce8594b
SHA1
a984d3e6856342ddc5d6bf48d7de645ba8084cc1
SHA256
4b22feab70ea7d7acacbfaa93a8e2f6e0c3cd2520c63603caff2a970a78b1ea3
SHA512
623f619e0ea82ef2979ad6c8485357b75c6f0cedbcda80d4c4c2198ea721ff3588892c1d4b929b7181f784d66aeea45230275faed12d0ca068e39afbc3a94b92
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Exploit.Siggen2.12183.28160.28092.doc
Resource
win7
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Exploit.Siggen2.12183.28160.28092.doc
Resource
win10
Malware Config
Extracted
http://www.hatchdogs.com/assets/XIw/
https://groovyboove.co.uk/blogs/8T94mmdka13/
https://gregemerson.com/wp-includes/hudy17240/
http://guariz.com.br/WuutjlO/
http://hafder.com/images/fhq7h7babdbe5q5052/
Targets
Target
SecuriteInfo.com.Exploit.Siggen2.12183.28160.28092
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blacklisted process makes network request
Drops file in System32 directory