General
-
Target
SecuriteInfo.com.Trojan.Siggen18.28487.29444.14710
-
Size
464KB
-
Sample
220728-pzmdgagdfl
-
MD5
e3ae60d5d8febf81faa40b4f1037973f
-
SHA1
acb898e85fbe7683beffc4a0ffdca722fba6362e
-
SHA256
ba8e5d725013aa2a898943146887600af1cbe89c9ec36e5b4922b36976794a85
-
SHA512
985e39c0960ee1fc39f9b05a448712ceb452e58909517f9abe37724b13821ad633825c6555edf98ccbc60512702e25ff93fd1df65fc0e8ffde6f97fcc571ba73
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.Siggen18.28487.29444.exe
Resource
win7-20220715-en
Malware Config
Extracted
formbook
4.1
mh76
healthgovcalottery.net
wenxinliao.com
rooterphd.com
bbobbo.one
american-mes-de-dezembro.xyz
mintager.com
thespecialtstore.com
wemakegreenhomes.com
occurandmental.xyz
fidelityrealtytitle.com
numerisat.asia
wearestallions.com
supxl.com
rajacumi.com
renaziv.online
blixtindustries.com
fjljq.com
exploretrivenicamping.com
authenticusspa.com
uucloud.press
conclaveraleighapts.com
moqaq.com
graphicressie.com
homebest.online
yisaco.com
thedrybonesareawakening.com
browardhomeappraisal.com
xn--agroisleos-09a.com
clinchrecovery.com
rekoladev.com
mlbl1.xyz
tunecaring.com
avconstant.com
chelseavictorioustravels.com
esrfy.xyz
frijolitoswey.com
zsfsidltd.com
natashasadler.com
kice1.xyz
drivemytrains.xyz
shopalthosa.xyz
merendri.com
yetkiliveznem7.xyz
milestonesconstruction.com
apparodeoexpos.com
momotou.xyz
chatkhoneh.com
cacconsults.com
kigif-indonesia.com
segurambiental.com
verynicegirls.com
curearrow.com
fdupcoffee.com
theclevergolfers.com
moushimonster.com
qdchuangyedaikuan.com
hopefortodayrecovery.com
wk6agoboyxg6.xyz
giybetfm.com
completedn.xyz
eluawastudio.com
legacysportsusatexas.com
comgmaik.com
intelsearchtech.com
northpierangling.info
Targets
-
-
Target
SecuriteInfo.com.Trojan.Siggen18.28487.29444.14710
-
Size
464KB
-
MD5
e3ae60d5d8febf81faa40b4f1037973f
-
SHA1
acb898e85fbe7683beffc4a0ffdca722fba6362e
-
SHA256
ba8e5d725013aa2a898943146887600af1cbe89c9ec36e5b4922b36976794a85
-
SHA512
985e39c0960ee1fc39f9b05a448712ceb452e58909517f9abe37724b13821ad633825c6555edf98ccbc60512702e25ff93fd1df65fc0e8ffde6f97fcc571ba73
-
Formbook payload
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-