Overview

overview

10

Static

static

c7cf7d0b57...1a.exe

windows7_x64

1

c7cf7d0b57...1a.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c7cf7d0b57ec48df2c660cbaaa2f921a.exe

  • Size

    1.3MB

  • Sample

    201226-zlm4qqkdj2

  • MD5

    c7cf7d0b57ec48df2c660cbaaa2f921a

  • SHA1

    d0d508fdc7ae75868db9e7f1693982d066723a87

  • SHA256

    53cae19aa470b038966c47f8e7361fde1da99f4f54ea97ab3fb7198506ecbc3d

  • SHA512

    2d69e9e72f16ccea4e9353b50890f29ba9a870fda63e7650a98048caf8ae77ceb26cd939fd9a25806d43ee20f6ed55e175d3c3822337dc1be4aa807994306d71

Score
10/10
phorphiexevasionloaderpersistencetrojanworm

Malware Config

Targets

    • Target

      c7cf7d0b57ec48df2c660cbaaa2f921a.exe

    • Size

      1.3MB

    • MD5

      c7cf7d0b57ec48df2c660cbaaa2f921a

    • SHA1

      d0d508fdc7ae75868db9e7f1693982d066723a87

    • SHA256

      53cae19aa470b038966c47f8e7361fde1da99f4f54ea97ab3fb7198506ecbc3d

    • SHA512

      2d69e9e72f16ccea4e9353b50890f29ba9a870fda63e7650a98048caf8ae77ceb26cd939fd9a25806d43ee20f6ed55e175d3c3822337dc1be4aa807994306d71

    Score
    10/10
    phorphiexevasionloaderpersistencetrojanworm

    • Phorphiex Payload

    • Phorphiex Worm

      Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

      wormtrojanloaderphorphiex

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

2
T1089

Modify Registry

3
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks