General
Target: SecuriteInfo.com.Trojan.Siggen9.58380.16060.15702
Size: 405KB
Sample: 200801-3r944s6sbx
MD5: 421b08e81a183c1d7337128cba971fa2
SHA1: 291bab40915a7c2d7277f3f1944e54a3c236eef2
SHA256: cf5d63823cb7e280e555b94cba5aa1a5e8c0eb3c738f7e620dc2a923532f98de
SHA512: 97bbe1cd8793b82ac2b24cd73a959ee1be86b2491d5552dd264c4e0270fd1e2d34adfe4afe2b234c577ca179c7812548978357184abc84a2bf0966e50e907b5c
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Trojan.Siggen9.58380.16060.15702.exe
Resource: win7v200722
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Trojan.Siggen9.58380.16060.15702
-
Formbook Payload
-
Adds policy Run key to start application
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-