Overview

overview

10

Static

static

10

371f00c6fd...86.exe

windows7_x64

10

371f00c6fd...86.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    371f00c6fdf9ee7012b15d210449b386.exe

  • Size

    112KB

  • Sample

    201107-zey2h79vce

  • MD5

    371f00c6fdf9ee7012b15d210449b386

  • SHA1

    a71705075250ad01e1bf17db23a9dc560803adc1

  • SHA256

    e053c19ffe23b6e0b58165395bfd1ed11b9df981e99ac8f6f5cfe9fcbddd2579

  • SHA512

    d5dfb821bcb796c1bbb84baf057660a3364d82dfa0bb432fd941f2ba6f22035a255a966383e6ab497370b9574faa21690fc6a875e416f9d4dcbe40d1ebbd86df

Score
10/10
phorphiexevasionloaderpersistencetrojanworm

Malware Config

Targets

    • Target

      371f00c6fdf9ee7012b15d210449b386.exe

    • Size

      112KB

    • MD5

      371f00c6fdf9ee7012b15d210449b386

    • SHA1

      a71705075250ad01e1bf17db23a9dc560803adc1

    • SHA256

      e053c19ffe23b6e0b58165395bfd1ed11b9df981e99ac8f6f5cfe9fcbddd2579

    • SHA512

      d5dfb821bcb796c1bbb84baf057660a3364d82dfa0bb432fd941f2ba6f22035a255a966383e6ab497370b9574faa21690fc6a875e416f9d4dcbe40d1ebbd86df

    Score
    10/10
    phorphiexevasionloaderpersistencetrojanworm

    • Phorphiex Payload

    • Phorphiex Worm

      Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

      wormtrojanloaderphorphiex

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

2
T1089

Modify Registry

3
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks