General

  • Target

    5d91a29ea526e4630883fd17a5e43f9b.exe

  • Size

    31KB

  • Sample

    201117-zjj86g3ypa

  • MD5

    5d91a29ea526e4630883fd17a5e43f9b

  • SHA1

    6615060efc5b5d439a6ac0246d9668c797e98692

  • SHA256

    a86bc10b92d0cdefbbcb2e58ea78b165ff8983599356ceb81311f92c759bf36f

  • SHA512

    329bd44f37812a54b468fdb06665aa93bf434aa4f5f1c6dbb68c1f86a5e3bd900929387407edbd6ed6ba6c148fff0136113be4fa11fb08431dedd6be817ac7c1

Malware Config

Targets

    • Phorphiex Payload

    • Phorphiex Worm

      Malware family that infects systems in order to distribute other malicious payloads such as ransomware, stealers and cryptominers.

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

    Tactic             Technique                              #   ID
    Persistence        Registry Run Keys / Startup Folder     1   T1060
    Defense Evasion    Disabling Security Tools               2   T1089
    Defense Evasion    Modify Registry                        3   T1112

Tasks