General
-
Target
SecuriteInfo.com.Trojan.Siggen10.14421.6375.30290
-
Size
75KB
-
Sample
201025-blet5x8r4x
-
MD5
fcbb520e5c66b1f024440e4eea650686
-
SHA1
710a7bd0d4791edc0f75d8d778c173c981120b5d
-
SHA256
f2af7f2de72d42d045309ea26b6c19076a42b4e6703fb15b5d40416ab37a8052
-
SHA512
0be757dd903f53394cfd46869e3694aa68f95efe1fcfba24649e9fdc33c489a4095fe0a22a5a50da4ae9cba35251790b0943365bf02fb52d7f6de3fa5173a733
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Trojan.Siggen10.14421.6375.30290
-
Size
75KB
-
MD5
fcbb520e5c66b1f024440e4eea650686
-
SHA1
710a7bd0d4791edc0f75d8d778c173c981120b5d
-
SHA256
f2af7f2de72d42d045309ea26b6c19076a42b4e6703fb15b5d40416ab37a8052
-
SHA512
0be757dd903f53394cfd46869e3694aa68f95efe1fcfba24649e9fdc33c489a4095fe0a22a5a50da4ae9cba35251790b0943365bf02fb52d7f6de3fa5173a733
Score10/10-
Phorphiex Payload
-
Phorphiex Worm
Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-