phoenix | 1c3b60712c5fae9fb4ebb0b3bd05514d4d02727d65826f3f56d9aeaa74d50690 | Triage

Submit
Reports

Overview

overview

Static

static

79d50ae555...c0.exe

windows7_x64

79d50ae555...c0.exe

windows10_x64

Sharing

General

Target

79d50ae5556085107d0f9d3c1b7d36c0
Size

122KB
Sample

201029-jclghn42la
MD5

79d50ae5556085107d0f9d3c1b7d36c0
SHA1

972edd0f749c622b3f2f8fb1ee2c68ae4ad53ffc
SHA256

1c3b60712c5fae9fb4ebb0b3bd05514d4d02727d65826f3f56d9aeaa74d50690
SHA512

575406f98803c393f27d67ec88f500c4b990e58494c24e1f8c0374a47f44ec5ea4f31bb7693b0363f67e3e20ffeed679862c3970011b660a39d5a8535d4eef16

Score

10^/10

phoenix keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

79d50ae5556085107d0f9d3c1b7d36c0.exe

Resource

win7v20201028

phoenix keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

79d50ae5556085107d0f9d3c1b7d36c0.exe

Resource

win10v20201028

phoenix keylogger spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  79d50ae5556085107d0f9d3c1b7d36c0
- Size
  
  122KB
- MD5
  
  79d50ae5556085107d0f9d3c1b7d36c0
- SHA1
  
  972edd0f749c622b3f2f8fb1ee2c68ae4ad53ffc
- SHA256
  
  1c3b60712c5fae9fb4ebb0b3bd05514d4d02727d65826f3f56d9aeaa74d50690
- SHA512
  
  575406f98803c393f27d67ec88f500c4b990e58494c24e1f8c0374a47f44ec5ea4f31bb7693b0363f67e3e20ffeed679862c3970011b660a39d5a8535d4eef16
Score

10^/10

phoenix keylogger spyware stealer
- Phoenix Keylogger
  Phoenix is a keylogger and info stealer first seen in July 2019.
  stealer keylogger phoenix
- Phoenix Keylogger Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

phoenixkeyloggerspywarestealer

behavioral2

phoenixkeyloggerspywarestealer

© 2018-2024

Terms | Privacy