General

  • Target

    SecuriteInfo.com.Trojan.Siggen9.50743.11374.31841

  • Size

    888KB

  • Sample

    201109-zltbkv8tws

  • MD5

    b18e53bb27f7c270cadfa062c8c9330a

  • SHA1

    a472e5ba842817df057cad53a1934d5b91617032

  • SHA256

    1314a12570bef72ff76b05764456120c10b32b9c6a22df24e6874951abaa6092

  • SHA512

    10b5632a7b808efb1f8926772124b213c6db4fb4cca49c854d28f570ea12a1c018c6094286239293e684fea922e26f59276bbf7771b5f0df01971ffdfa5033ba

Malware Config

Targets

    • Target

      SecuriteInfo.com.Trojan.Siggen9.50743.11374.31841

    • Size

      888KB

    • MD5

      b18e53bb27f7c270cadfa062c8c9330a

    • SHA1

      a472e5ba842817df057cad53a1934d5b91617032

    • SHA256

      1314a12570bef72ff76b05764456120c10b32b9c6a22df24e6874951abaa6092

    • SHA512

      10b5632a7b808efb1f8926772124b213c6db4fb4cca49c854d28f570ea12a1c018c6094286239293e684fea922e26f59276bbf7771b5f0df01971ffdfa5033ba

    • Modifies Windows Defender Real-time Protection settings

    • Phorphiex Payload

    • Phorphiex Worm

      Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

4
T1112

Disabling Security Tools

3
T1089

Tasks