SecuriteInfo.com.Trojan.Siggen12.33370.30028.exe

Status: finished
Submission Time: 2021-04-12 12:58:57 +02:00
Malicious
E-Banking Trojan
Trojan
Spyware
Evader

Details

  • Analysis ID:
    385405
  • API (Web) ID:
    672913
  • Analysis Started:
    2021-04-12 13:02:11 +02:00
  • Analysis Finished:
    2021-04-12 13:27:02 +02:00
  • MD5:
    29389832e538957dc769cf709f80144a
  • SHA1:
    72f5ca06d840acbc9b49e4096e341c0dbaac891e
  • SHA256:
    d6d2e00343a3cad48cc2f4799ce87d27acc3ce154aed286c07f226de2e9c4035
  • Technologies:
    Joe Sandbox

Joe Sandbox Detection

  • Detection: malicious (Score: 93)
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
  • Detection: malicious (Score: 93)
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Run Condition: Run with higher sleep bypass

Third Party Analysis Engines

  • malicious (Score: 52/69)
  • malicious (Score: 10/36)
  • malicious (Score: 31/48)

Domains


URLs


Dropped files

  • C:\Users\user\AppData\Local\Temp\26FF190E7AE0F7C7.exe:Zone.Identifier
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\26FF190E7AE0F7C7.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
    ASCII text, with very long lines
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
    UTF-8 Unicode text, with very long lines
  • C:\Users\user\AppData\Local\Temp\download\atl71.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\MSI429C.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\download\dl_peer_id.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\download\download_user.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\download\msvcp71.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\download\msvcr71.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\download\zlib1.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\ecv743B.tmp
    Extensible storage user DataBase, version 0x620, checksum 0xceb20a5a, page size 32768, DirtyShutdown, Windows version 10.0
  • C:\Users\user\AppData\Local\Temp\gdiview.msi
    ;1033
  • C:\Users\user\AppData\Local\Temp\xldl.dat
    7-zip archive data, version 0.3
  • C:\Users\user\AppData\Local\Temp\xldl.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Web Data1618257874860
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\Users\user\AppData\Local\crx.7z
    7-zip archive data, version 0.3
  • C:\Users\user\AppData\Local\crx.json
    ASCII text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Localwebdata1618257874860
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\Users\user\AppData\Roaming\1618257864703.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Roaming\1618257864703.txt
    Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
  • C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Cookies1618257864625
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\Users\user\AppData\Local\Temp\1618257956794
    7-zip archive data, version 0.3
  • C:\Users\user\AppData\Local\Temp\1618257925550
    7-zip archive data, version 0.3
  • C:\Users\user\AppData\Local\Login Data1618257873797
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\Users\user\AppData\Local\Login Data1618257834647
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcmpccmnlckpmkfkalfhgcabmenkidie\1.0.0.0_0\popup.js
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcmpccmnlckpmkfkalfhgcabmenkidie\1.0.0.0_0\popup.html
    HTML document, ASCII text
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcmpccmnlckpmkfkalfhgcabmenkidie\1.0.0.0_0\manifest.json
    ASCII text, with very long lines, with CRLF, LF line terminators
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcmpccmnlckpmkfkalfhgcabmenkidie\1.0.0.0_0\jquery-1.8.3.min.js
    ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcmpccmnlckpmkfkalfhgcabmenkidie\1.0.0.0_0\icon48.png
    PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcmpccmnlckpmkfkalfhgcabmenkidie\1.0.0.0_0\icon.png
    PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcmpccmnlckpmkfkalfhgcabmenkidie\1.0.0.0_0\book.js
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcmpccmnlckpmkfkalfhgcabmenkidie\1.0.0.0_0\background.js
    ASCII text
  • C:\Users\user\AppData\Local\Cookies1618257873906
    SQLite 3.x database, last written using SQLite version 3032001