Overview

overview

10

Static

static

465c8cac10...0a.exe

windows7_x64

10

465c8cac10...0a.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    465c8cac1040a56b514c0998b998550a.exe

  • Size

    417KB

  • Sample

    201129-7dp81ssncs

  • MD5

    465c8cac1040a56b514c0998b998550a

  • SHA1

    41c27cfc57fb605d62accbb184875f57e49cc235

  • SHA256

    fe3428c2f1613c72ef1612b6876239ec8cc058628e8240664315359802215af1

  • SHA512

    5d948a544aea4eb4fc87e2ee248f4b0e67047bc4c5837f3bdcc46a5e7f7efb7d8afde5e9ba0b1571d12dc6f9283a39f11b3320c748e2a769cf4c0a6b268f2498

Score
10/10
phorphiexxmrigevasionloaderminerpersistencetrojanupxworm

Malware Config

Targets

    • Target

      465c8cac1040a56b514c0998b998550a.exe

    • Size

      417KB

    • MD5

      465c8cac1040a56b514c0998b998550a

    • SHA1

      41c27cfc57fb605d62accbb184875f57e49cc235

    • SHA256

      fe3428c2f1613c72ef1612b6876239ec8cc058628e8240664315359802215af1

    • SHA512

      5d948a544aea4eb4fc87e2ee248f4b0e67047bc4c5837f3bdcc46a5e7f7efb7d8afde5e9ba0b1571d12dc6f9283a39f11b3320c748e2a769cf4c0a6b268f2498

    Score
    10/10
    phorphiexevasionloaderpersistencetrojanwormxmrigminerupx

    • Phorphiex Payload

    • Phorphiex Worm

      Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

      wormtrojanloaderphorphiex

    • Windows security bypass

      evasiontrojan

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops startup file

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

2
T1089

Modify Registry

3
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks