General
Target: SecuriteInfo.com.Trojan.Siggen29.54948.7115.19193.exe
Size: 5.8MB
Sample: 241027-v66nkszfje
MD5: c441be4f7fd0f07fdcf94657c624c3da
SHA1: bedd1f5d2feb959599b370590f62f02cbb3d2d3f
SHA256: 47c6484dde4d9ca23a7667b1b71c5ed88d7cdd3dccf57485333ceda0153e5684
SHA512: c753bfa2b84ea5dfc47dbe25b807af6dd7d79e53a780ef693052f0c5c774767ef5b277671b07c539132af11a56546de3dd18790ce3fb3c4f66ca63c6c17fd8ad
SSDEEP: 98304:wKDlzK2disEKWIAN9rDUQ60m+E+3syUSIkJEhxfAF8p4ucxJixyWB5TU7NTJN1uy:waFbErIYeQ3nEIsyU2Y48CBh5TjY

Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Trojan.Siggen29.54948.7115.19193.exe
Resource: win7-20240903-en
Malware Config
Targets
- Xmrig family
- XMRig Miner payload
- Command and Scripting Interpreter: PowerShell
  Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Creates new service(s)
- Drops file in Drivers directory
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Drops file in System32 directory
- Suspicious use of SetThreadContext