General
-
Target
SecuriteInfo.com.Trojan.PWS.Siggen2.52076.22337.3297
-
Size
196KB
-
Sample
200802-63xgm47t22
-
MD5
c8622061c2330af588df35ae3e0d970b
-
SHA1
36bdf9909e56aa37d05fc664286a79fa25b9dbd6
-
SHA256
ed3f7ab84c2988036a63e375a5fc9f98dff31fd2a9597b4eae79604ae622e6cd
-
SHA512
e48007d08efe2ea5b4b5defbbcce78f9219aa16209e2ab4f44403020c58aaba0c8b0acd93c87e40e2595c3a3fe24e124564a1b4ed62caf0debebb8bd858453b6
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.PWS.Siggen2.52076.22337.3297.exe
Resource
win7v200722
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.PWS.Siggen2.52076.22337.3297.exe
Resource
win10
Malware Config
Extracted
lokibot
http://mecharnise.ir/ea5/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-