SecuriteInfo.com.Trojan.Siggen12.2497.1023.exe

Status: finished
Submission Time: 23.02.2021 17:20:22
Malicious
Trojan
Evader

Details

  • Analysis ID:
    356833
  • API (Web) ID:
    615643
  • Analysis Started:
    23.02.2021 17:33:21
  • Analysis Finished:
    23.02.2021 17:40:03
  • MD5:
    9e74c1841ab5ec50dd43819aaba20c0b
  • SHA1:
    d37d7026c09dc6d93fd01dc90d7a224d22dca168
  • SHA256:
    d367eca88434cb310aad91f251c9baa7d11fcd2ffd2c0f0cbb35595445a27698
  • Technologies:

malicious
New

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
38/71

malicious
17/29

malicious

malicious

IPs

IP               Country               Detection
88.99.66.31      Germany
104.23.98.190    United States
94.103.94.2      Russian Federation

Domains

Name            IP               Detection
iplogger.org    88.99.66.31
pastebin.com    104.23.98.190

URLs

Name Detection

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.Siggen12.2497.1023.exe.log
ASCII text, with CRLF line terminators