General
-
Target
SecuriteInfo.com.Trojan.Siggen14.37456.29546.22604.exe
-
Size
42.7MB
-
Sample
240412-c1a1lsfh2v
-
MD5
a049363fbe9e8e98547d1a3d4694ea9e
-
SHA1
db73c14ac4dbc93966b2ca4158e3bcc7815109c9
-
SHA256
f1c79bc29231efd0aaa9138d7e13df0209ae28f6ec7fa8b3b85e57d60a0adbb2
-
SHA512
61667af967b9d3e24ab0dbc62e19923bb57325e6630b6ce3f4adb99977de90359ea36e62480055327d60af4dc102fe309f24d403a896f12cafd6b3238c9f1983
-
SSDEEP
786432:Cee2ddaQ/KrzdH6Kkf3u8O+3/CGHeF4Eogk+RrFpldGxujSNLcfk6lYog9a0gnt5:DD/KrzdXkqIK2eFyf+RrBPjNfkQ/g9ef
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.Siggen14.37456.29546.22604.exe
Resource
win7-20240221-en
Malware Config
Targets
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-