General
-
Target
SecuriteInfo.com.Trojan.Siggen12.33370.30028.25368
-
Size
4.1MB
-
Sample
210412-18rncq2e5j
-
MD5
29389832e538957dc769cf709f80144a
-
SHA1
72f5ca06d840acbc9b49e4096e341c0dbaac891e
-
SHA256
d6d2e00343a3cad48cc2f4799ce87d27acc3ce154aed286c07f226de2e9c4035
-
SHA512
5f787359fbc37d8bed92da38e80106cc257c2339488ca956759b33024aa61194bb87faa8db841ded486d5bba253ce44342dd206cf93a9751de95784f5ee79f05
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.Siggen12.33370.30028.25368.exe
Resource
win7v20210408
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Trojan.Siggen12.33370.30028.25368
-
Size
4.1MB
-
MD5
29389832e538957dc769cf709f80144a
-
SHA1
72f5ca06d840acbc9b49e4096e341c0dbaac891e
-
SHA256
d6d2e00343a3cad48cc2f4799ce87d27acc3ce154aed286c07f226de2e9c4035
-
SHA512
5f787359fbc37d8bed92da38e80106cc257c2339488ca956759b33024aa61194bb87faa8db841ded486d5bba253ce44342dd206cf93a9751de95784f5ee79f05
-
Nirsoft
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-