Overview

overview

10

Static

static

bdc0968a6b...7b.exe

windows7_x64

10

bdc0968a6b...7b.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bdc0968a6b40243c3b54fe554fa7567b.exe

  • Size

    67KB

  • Sample

    201128-3wsgzw9sva

  • MD5

    bdc0968a6b40243c3b54fe554fa7567b

  • SHA1

    49d48d747cfbe8310161600d2ae8c7a01f7c74cd

  • SHA256

    01b3da80517886f0b91023294da6be87ec44dd87eadc39b9141950fc54f96783

  • SHA512

    5d715b1334d816a06ab694aa7810e3b1fe56d729a387b2a95dfef6d17cdbf11a1e674d98784681e0d3b4fe752721b02c0d9826f74881027fcfd923cf0574871c

Score
10/10
phorphiexxmrigevasionloaderminerpersistencetrojanupxworm

Malware Config

Targets

    • Target

      bdc0968a6b40243c3b54fe554fa7567b.exe

    • Size

      67KB

    • MD5

      bdc0968a6b40243c3b54fe554fa7567b

    • SHA1

      49d48d747cfbe8310161600d2ae8c7a01f7c74cd

    • SHA256

      01b3da80517886f0b91023294da6be87ec44dd87eadc39b9141950fc54f96783

    • SHA512

      5d715b1334d816a06ab694aa7810e3b1fe56d729a387b2a95dfef6d17cdbf11a1e674d98784681e0d3b4fe752721b02c0d9826f74881027fcfd923cf0574871c

    Score
    10/10
    phorphiexevasionloaderpersistencetrojanwormxmrigminerupx

    • Phorphiex Payload

    • Phorphiex Worm

      Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

      wormtrojanloaderphorphiex

    • Windows security bypass

      evasiontrojan

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops startup file

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

2
T1089

Modify Registry

3
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks