f1c79bc29231efd0aaa9138d7e13df0209ae28f6ec7fa8b3b85e57d60a0adbb2 | Triage

Submit
Reports

Overview

overview

9

Static

static

9

SecuriteIn...04.exe

windows7-x64

8

SecuriteIn...04.exe

windows10-2004-x64

8

Sharing

General

Target

SecuriteInfo.com.Trojan.Siggen14.37456.29546.22604.exe
Size

42.7MB
Sample

240412-c1a1lsfh2v
MD5

a049363fbe9e8e98547d1a3d4694ea9e
SHA1

db73c14ac4dbc93966b2ca4158e3bcc7815109c9
SHA256

f1c79bc29231efd0aaa9138d7e13df0209ae28f6ec7fa8b3b85e57d60a0adbb2
SHA512

61667af967b9d3e24ab0dbc62e19923bb57325e6630b6ce3f4adb99977de90359ea36e62480055327d60af4dc102fe309f24d403a896f12cafd6b3238c9f1983
SSDEEP

786432:Cee2ddaQ/KrzdH6Kkf3u8O+3/CGHeF4Eogk+RrFpldGxujSNLcfk6lYog9a0gnt5:DD/KrzdXkqIK2eFyf+RrBPjNfkQ/g9ef

Score

9^/10

cryptone discovery evasion packer persistence spyware stealer trojan

Static task

static1

cryptone packer

1 signatures

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Trojan.Siggen14.37456.29546.22604.exe

Resource

win7-20240221-en

discovery persistence

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Trojan.Siggen14.37456.29546.22604.exe

Resource

win10v2004-20240226-en

discovery evasion persistence spyware stealer trojan

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Trojan.Siggen14.37456.29546.22604.exe
- Size
  
  42.7MB
- MD5
  
  a049363fbe9e8e98547d1a3d4694ea9e
- SHA1
  
  db73c14ac4dbc93966b2ca4158e3bcc7815109c9
- SHA256
  
  f1c79bc29231efd0aaa9138d7e13df0209ae28f6ec7fa8b3b85e57d60a0adbb2
- SHA512
  
  61667af967b9d3e24ab0dbc62e19923bb57325e6630b6ce3f4adb99977de90359ea36e62480055327d60af4dc102fe309f24d403a896f12cafd6b3238c9f1983
- SSDEEP
  
  786432:Cee2ddaQ/KrzdH6Kkf3u8O+3/CGHeF4Eogk+RrFpldGxujSNLcfk6lYog9a0gnt5:DD/KrzdXkqIK2eFyf+RrBPjNfkQ/g9ef
Score

8^/10

discovery persistence evasion spyware stealer trojan
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoveryevasionpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy