General
-
Target
SecuriteInfo.com.Trojan.Siggen10.14421.24699.12427
-
Size
75KB
-
Sample
201025-l7ryttgr4a
-
MD5
e879df3fc1421ae6fddb927b080a8544
-
SHA1
712d8cd858e466edfd52008b65b405c57f3f0ab9
-
SHA256
e2a0a85c3ad93e14292ed2472855d157317f48abcde859c81d51dd42816be065
-
SHA512
a9a2d3bb5a03f901dbc91d2b3032eb64f2e1398ffd69c362c5311a67ca9a61c2576bd77df19fdd15d70d201105868a42a6ff0d9fc9ad2366f0cbf62cde47dcc3
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Trojan.Siggen10.14421.24699.12427
-
Size
75KB
-
MD5
e879df3fc1421ae6fddb927b080a8544
-
SHA1
712d8cd858e466edfd52008b65b405c57f3f0ab9
-
SHA256
e2a0a85c3ad93e14292ed2472855d157317f48abcde859c81d51dd42816be065
-
SHA512
a9a2d3bb5a03f901dbc91d2b3032eb64f2e1398ffd69c362c5311a67ca9a61c2576bd77df19fdd15d70d201105868a42a6ff0d9fc9ad2366f0cbf62cde47dcc3
Score10/10-
Phorphiex Payload
-
Phorphiex Worm
Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-