sample_2.bin

General

Target: sample_2.bin
Size: 288KB
Sample: 201029-ag9m3688b2
Score: 10/10
MD5: c42599e95105b0f96915f009cf9b0956
SHA1: 591049db2ec06a767ccc107a580470e85a094c58
SHA256: 580006399ce81551ccf09b2ff057eb3a1a8b74cd2234419292f9cdc79945fb16
SHA512: d869ff010821bdc8046ed9632eccefb887c0be9c65b71bf66adebced69cfd815300388a5bc86030c660f40f2add2ec21c1d15b9d8ac05a26bd0cc8c836f7b6a1

Malware Config

Extracted Credentials

Protocol: smtp
Host: smtp.mail.com
Port: 587
Username: syounus.ega-ae@mail.com
Password: favour1997

Targets
Signatures

  • Phoenix Keylogger
    Description: Phoenix is a keylogger and info stealer first seen in July 2019.

  • Phoenix Keylogger Payload

  • Reads data files stored by FTP clients
    Description: Tries to access configuration files associated with programs like FileZilla.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of local email clients
    Description: Email clients store some user data on disk where infostealers will often target it.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files

  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix: Command and Control, Credential Access, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10