Overview

overview

10

Static

static

SecuriteIn...02.exe

windows7_x64

10

SecuriteIn...02.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Trojan.Siggen9.58380.16060.15702

  • Size

    405KB

  • Sample

    200801-3r944s6sbx

  • MD5

    421b08e81a183c1d7337128cba971fa2

  • SHA1

    291bab40915a7c2d7277f3f1944e54a3c236eef2

  • SHA256

    cf5d63823cb7e280e555b94cba5aa1a5e8c0eb3c738f7e620dc2a923532f98de

  • SHA512

    97bbe1cd8793b82ac2b24cd73a959ee1be86b2491d5552dd264c4e0270fd1e2d34adfe4afe2b234c577ca179c7812548978357184abc84a2bf0966e50e907b5c

Score
10/10
formbookevasionpersistenceratspywarestealertrojan

Malware Config

Targets

    • Target

      SecuriteInfo.com.Trojan.Siggen9.58380.16060.15702

    • Size

      405KB

    • MD5

      421b08e81a183c1d7337128cba971fa2

    • SHA1

      291bab40915a7c2d7277f3f1944e54a3c236eef2

    • SHA256

      cf5d63823cb7e280e555b94cba5aa1a5e8c0eb3c738f7e620dc2a923532f98de

    • SHA512

      97bbe1cd8793b82ac2b24cd73a959ee1be86b2491d5552dd264c4e0270fd1e2d34adfe4afe2b234c577ca179c7812548978357184abc84a2bf0966e50e907b5c

    Score
    10/10
    ratevasiontrojanspywarestealerformbookpersistence

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Adds policy Run key to start application

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks