phorphiex | 64cc82160edccda2bfd82d92b429ea0f98dcda9659a5c757b2748119847f5532

General

Target

a.exe
Size

32KB
Sample

201105-81v9dzwbae
MD5

4a94758d9b8bed45249bffffbaaa0460
SHA1

fff1c09b6e710d1804716e6b6b6c055a899aa1fc
SHA256

64cc82160edccda2bfd82d92b429ea0f98dcda9659a5c757b2748119847f5532
SHA512

5d77477a4561723c9752a9666228df2dc2b5547eaac7b7507ea552b310bcee5b13a75a73f8e9fb7a466762e5f360bec197ce0b3a09abd7b13d5b7dfc865ff45b

Score

10^/10

Malware Config

Extracted

Path

C:\120162634617678\Read_Me.txt

Ransom Note

Attention! All your files, documents, photos, databases and other important files are encrypted The only method of recovering files is to purchase an unique decryptor. Only we can give you this decryptor and only we can recover your files. The server with your decryptor is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- 1. Download Tor browser - https://www.torproject.org/ 2. Install Tor browser 3. Open Tor Browser 4. Open link in TOR browser: http://25xb3kc6azicbbuo.onion/?IXNDSIXN 5. Follow the instructions on this page ---------------------------------------------------------------------------------------- On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free. Alternate communication channel here: http://helpqvrg3cc5mvb3.onion/

URLs

http://25xb3kc6azicbbuo.onion/?IXNDSIXN

http://helpqvrg3cc5mvb3.onion/

Extracted

Path

C:\20172306425313\Read_Me.txt

Ransom Note

Attention! All your files, documents, photos, databases and other important files are encrypted The only method of recovering files is to purchase an unique decryptor. Only we can give you this decryptor and only we can recover your files. The server with your decryptor is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- 1. Download Tor browser - https://www.torproject.org/ 2. Install Tor browser 3. Open Tor Browser 4. Open link in TOR browser: http://25xb3kc6azicbbuo.onion/?WNOQSTVX 5. Follow the instructions on this page ---------------------------------------------------------------------------------------- On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free. Alternate communication channel here: http://helpqvrg3cc5mvb3.onion/

URLs

http://25xb3kc6azicbbuo.onion/?WNOQSTVX

http://helpqvrg3cc5mvb3.onion/

Targets

- Target
  
  a.exe
- Size
  
  32KB
- MD5
  
  4a94758d9b8bed45249bffffbaaa0460
- SHA1
  
  fff1c09b6e710d1804716e6b6b6c055a899aa1fc
- SHA256
  
  64cc82160edccda2bfd82d92b429ea0f98dcda9659a5c757b2748119847f5532
- SHA512
  
  5d77477a4561723c9752a9666228df2dc2b5547eaac7b7507ea552b310bcee5b13a75a73f8e9fb7a466762e5f360bec197ce0b3a09abd7b13d5b7dfc865ff45b
Score

10^/10

phorphiex evasion loader persistence ransomware spyware trojan worm
- Phorphiex Worm
  Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies service
  persistence
behavioral1 behavioral2