Overview

overview

8

Static

static

SecuriteIn...45.exe

windows7_x64

8

SecuriteIn...45.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Trojan.PWS.Siggen2.51435.17855.12845

  • Size

    1.8MB

  • Sample

    200711-nmmykkamvn

  • MD5

    68f2c5cd12a9b826c26b00692c669beb

  • SHA1

    a008d2815663aa95fbe3253987a410b2da87a15e

  • SHA256

    c5c84d138c5e86520dbeb383c1a17b98019af4f6b7da75a178674208587244a6

  • SHA512

    c5c5e8cbf3ae3cb9dacf74fc48b3e8caa05b44f690c697adc2d13795cbf541a0911f1a01e7a7f9c82fb231c7e6bd7f482300a6fe58f243740726da14955d8747

Score
8/10
discoveryevasionspywaretrojan

Malware Config

Targets

    • Target

      SecuriteInfo.com.Trojan.PWS.Siggen2.51435.17855.12845

    • Size

      1.8MB

    • MD5

      68f2c5cd12a9b826c26b00692c669beb

    • SHA1

      a008d2815663aa95fbe3253987a410b2da87a15e

    • SHA256

      c5c84d138c5e86520dbeb383c1a17b98019af4f6b7da75a178674208587244a6

    • SHA512

      c5c5e8cbf3ae3cb9dacf74fc48b3e8caa05b44f690c697adc2d13795cbf541a0911f1a01e7a7f9c82fb231c7e6bd7f482300a6fe58f243740726da14955d8747

    Score
    8/10
    evasionspywaretrojandiscovery

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks for installed software on the system

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Modifies system certificate store

      evasionspywaretrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks