General

  • Target

    SecuriteInfo.com.Trojan.PWS.Siggen2.51343.32236.12600

  • Size

    345KB

  • Sample

    200801-efr8bnq4ca

  • MD5

    b72e426691c8562cab3551f77964a8ff

  • SHA1

    d2b2936ff183a895ce82ed5d75ea0fdac3c7591e

  • SHA256

    bf2efbd13ace8761d0ff1d9e0952bbacb4c403a0e91d76d0b2cd65b838b4c0a6

  • SHA512

    8a6f90aca560b56151ae047de87b44850133ec8605b9c66c71de9cfce57f4f3ae4a37d5f9b902085a5d7bdda718749f364fc5414581f9b1ca355c0c69dbde141

Malware Config

Targets

    • ElysiumStealer

      ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.

    • ElysiumStealer Support DLL

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    Query Registry (T1012): 1

  • Collection

    Data from Local System (T1005): 1
