flash

SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Status: finished
Submission Time: 23.02.2021 17:41:24
Malicious
Trojan
Spyware
Evader
RedLine

Comments

Tags

  • RedLineStealer

Details

  • Analysis ID:
    356847
  • API (Web) ID:
    615679
  • Analysis Started:
    23.02.2021 17:47:00
  • Analysis Finished:
    23.02.2021 17:55:01
  • MD5:
    a6602f490e70a0c9846906944c01b1ba
  • SHA1:
    3864724e9136d3090cd2e7afa5ae4a348e07e0e4
  • SHA256:
    1733a30d0e7acb953730092047086555a39f5cb2ee2549021e253cbdc931fb91
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious
New

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
88/100

malicious
53/71

malicious
12/37

malicious
22/29

malicious

IPs

IP Country Detection
192.0.47.59
United States
45.14.13.58
Netherlands

Domains

Name IP Detection
api.ip.sb
0.0.0.0
ianawhois.vip.icann.org
192.0.47.59
whois.iana.org
0.0.0.0

URLs

Name Detection
https://duckduckgo.com/chrome_newtab
http://service.r
https://icanhazip.com
Click to see the 57 hidden entries
https://duckduckgo.com/ac/?q=
http://www.geoplugin.net/json.gp?ip=https://api.ip.sb/geoipsecuritywaves-exchange
http://schemas.datacontract.org
https://api.ip.sb/geoip
http://schemas.xmlsoap.org/soap/envelope/
http://schemas.datacontract.org/2004/07/CONTEXT.Models.Enums
http://schemas.xmlsoap.org/soap/envelope/D
http://tempuri.org/
http://ns.adobe.c/g
https://wtfismyip.com/text
http://go.micros
https://api.ipify.org
http://tempuri.org/IRemotePanel/GetTasksResponse
http://tempuri.org/IRemotePanel/SendClientInfo
http://www.interoperabilitybridges.com/wmp-extension-for-chrome
http://ns.adobe.c/go
http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl
http://tempuri.org/0
http://ns.adobe.cobjo
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://forms.real.com/real/realone/download.html?type=rpsp_us
http://support.a
http://tempuri.org/IRemotePanel/GetSettingsResponse
http://45.14.13.58:3214
https://ipinfo.io/ip%appdata%
http://api.ip.sb
http://tempuri.org/IRemotePanel/SendClientInfoResponse
http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
http://tempuri.org/IRemotePanel/GetTasks
https://icanhazip.com5https://wtfismyip.com/textChttp://bot.whatismyipaddress.com/3http://checkip.dy
http://ns.adobe.cobj
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
http://schemas.datacontract.org/2004/07/
https://api.ip.sb
https://helpx.ad
http://45.14.13.58:32144
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
http://45.14.13.58:3214/
http://checkip.dyndns.org
http://tempuri.org/IRemotePanel/CompleteTaskResponse
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
http://bot.whatismyipaddress.com/
https://get.adob
https://ac.ecosia.org/autocomplete?q=
http://service.real.com/realplayer/security/02062012_player/en/
http://schemas.xmlsoap.org/ws/2004/08/addressing
http://forms.rea
http://tempuri.org/IRemotePanel/CompleteTask
http://crl4.dig
http://tempuri.org/IRemotePanel/GetSettings
https://duckduckgo.com/chrome_newtabt
http://ns.ado/1o
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
http://schemas.xmlsoap.org/soap/actor/next
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultD
http://ns.ado/1
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\tmpFE00.tmp
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Temp\tmpFE10.tmp
SQLite 3.x database, last written using SQLite version 3032001
#
Click to see the 18 hidden entries
C:\Users\user\AppData\Local\Temp\tmpFE11.tmp
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Temp\tmpFE51.tmp
SQLite 3.x database, last written using SQLite version 3032001
#
C:\Users\user\AppData\Local\Temp\tmpFE52.tmp
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Temp\tmp2A54.tmp
SQLite 3.x database, last written using SQLite version 3032001
#
C:\Users\user\AppData\Local\Temp\tmp2A55.tmp
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Temp\tmp2A56.tmp
SQLite 3.x database, last written using SQLite version 3032001
#
C:\Users\user\AppData\Local\Temp\tmp2A57.tmp
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Temp\tmp2A87.tmp
SQLite 3.x database, last written using SQLite version 3032001
#
C:\Users\user\AppData\Local\Temp\tmp2A88.tmp
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Temp\tmp2A89.tmp
SQLite 3.x database, last written using SQLite version 3032001
#
C:\Users\user\AppData\Local\Temp\tmp2A8A.tmp
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Temp\tmp2A8B.tmp
SQLite 3.x database, last written using SQLite version 3032001
#
C:\Users\user\AppData\Local\Temp\tmp76A9.tmp
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Temp\tmp76D9.tmp
SQLite 3.x database, last written using SQLite version 3032001
#
C:\Users\user\AppData\Local\Temp\tmpD19C.tmp
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Temp\tmpD19D.tmp
SQLite 3.x database, last written using SQLite version 3032001
#
C:\Users\user\AppData\Local\Temp\tmpD19E.tmp
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Temp\tmpD19F.tmp
SQLite 3.x database, last written using SQLite version 3032001
#