SecuriteInfo.com.Trojan.Siggen9.60237.32635.exe

Status: finished
Submission Time: 2020-08-02 06:29:12 +02:00
Malicious
Trojan
Evader
MassLogger RAT

Details

  • Analysis ID: 255774
  • API (Web) ID: 407088
  • Analysis Started: 2020-08-02 06:29:13 +02:00
  • Analysis Finished: 2020-08-02 06:37:06 +02:00
  • MD5: 061c34015e1bf2e8443e5d6d6678705a
  • SHA1: fafcdd793afab2ac017342cf5e587b45bc676e0b
  • SHA256: 27d52d4881c4ef9f8f6dea631a6a635ac7e005a8f5170198dd84fca21d79abc9
  • Technologies:

Joe Sandbox

  • Detection: malicious
  • Score: 64
  • System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

URLs

Name Detection
http://www.codeplex.com/DotNetZip.
https://www.youtube.com/watch?v=Qxk6cu21JSg
http://api.ipify.orgD
http://www.play.net/playdotnet/simu_policy.aspMUnable
http://www.blacklightning.net
http://www.play.net/playdotnet/simu_policy.asp

Dropped files

  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.Siggen9.60237.32635.exe.log
    File type: ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    File type: data
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_04laph55.xwt.psm1
    File type: very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yxasfpld.fwp.ps1
    File type: very short file (no magic)
  • C:\Users\user\Documents\20200802\PowerShell_transcript.910646._ZOxLXXf.20200802063014.txt
    File type: UTF-8 Unicode (with BOM) text, with CRLF line terminators