General

  • Target

    85c4f05bdc2c39858288c67d41db3e86.exe

  • Size

    37KB

  • Sample

    210105-682gy9h2fe

  • MD5

    85c4f05bdc2c39858288c67d41db3e86

  • SHA1

    7ccf8a4822b6122a16d7252033da3536145715de

  • SHA256

    7c419f22e51f37be0c483bbf3c320c40b6939785896b756c504af5de5b46237f

  • SHA512

    d1d5f9eca0201701580a2a0afd703f00daf7502e979a6687de64319fd2327ca7a686c14c7b8bab8a8aab010d3a71e324e56bd1bd19b001b48a189601f3e0b757

Malware Config

Targets

    • Target

      85c4f05bdc2c39858288c67d41db3e86.exe

    • Size

      37KB

    • MD5

      85c4f05bdc2c39858288c67d41db3e86

    • SHA1

      7ccf8a4822b6122a16d7252033da3536145715de

    • SHA256

      7c419f22e51f37be0c483bbf3c320c40b6939785896b756c504af5de5b46237f

    • SHA512

      d1d5f9eca0201701580a2a0afd703f00daf7502e979a6687de64319fd2327ca7a686c14c7b8bab8a8aab010d3a71e324e56bd1bd19b001b48a189601f3e0b757

    • Phorphiex Payload

    • Phorphiex Worm

Phorphiex (also written Phorpiex, a.k.a. Trik) is a worm family that infects systems in order to distribute other malicious payloads such as ransomware, stealers and cryptominers.

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic            Technique                             ID      Signatures
Persistence       Registry Run Keys / Startup Folder    T1060   1
Defense Evasion   Disabling Security Tools              T1089   2
Defense Evasion   Modify Registry                       T1112   3

The IDs follow ATT&CK v6, the version this report was mapped against. In current ATT&CK, T1060 is T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder) and T1089 is T1562.001 (Impair Defenses: Disable or Modify Tools); T1112 (Modify Registry) is unchanged.
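Added example, not part of the Triage report and not code from the sample: a small Python triage helper that checks a `reg export` style dump for the two registry behaviours the signatures and ATT&CK matrix above describe, Run-key persistence (T1060) and disabling security tooling through the registry (T1089/T1112). The report does not say which keys this sample wrote, so the dump below is constructed and the Run-key entry, the "user-writable directory" heuristic and the Windows Defender policy values are assumptions chosen to exercise the checks.

```python
import re

# Run / RunOnce keys under HKCU or HKLM ...\CurrentVersion
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)

# Heuristic (assumption): dropped payloads usually live in user-writable
# locations, so a Run entry pointing there deserves a closer look.
SUSPICIOUS_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# Constructed sample in `reg export` format. Paths and values are invented
# for illustration; they are not taken from the sandbox run.
SAMPLE_REG_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
"windrv"="C:\\Users\\user\\AppData\\Roaming\\sysdrv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000000
"""


def parse_reg_export(text):
    """Yield (key, value_name, raw_data) for every value in a .reg style dump."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # new key section
            continue
        if key is None or "=" not in line:
            continue
        name, raw = line.split("=", 1)
        yield key, name.strip('"'), raw


def unescape_reg_string(raw):
    """Strip the surrounding quotes and undo .reg escaping (\\\\ and \\")."""
    return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")


def image_path(command):
    """Return the executable part of a Run-key command line."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command
    return command.split(" ", 1)[0]


def find_suspicious_run_entries(text):
    """Run/RunOnce values whose image lives in a user-writable directory."""
    hits = []
    for key, name, raw in parse_reg_export(text):
        if not RUN_KEY_RE.search(key) or not raw.startswith('"'):
            continue                  # not a Run key, or not REG_SZ data
        path = image_path(unescape_reg_string(raw))
        if any(d in path.lower() for d in SUSPICIOUS_DIRS):
            hits.append((key, name, path))
    return hits


def find_defender_disables(text):
    """Windows Defender policy values named Disable* that are set to 1."""
    hits = []
    for key, name, raw in parse_reg_export(text):
        if ("windows defender" in key.lower()
                and name.lower().startswith("disable")
                and raw.lower() == "dword:00000001"):
            hits.append((key, name))
    return hits


if __name__ == "__main__":
    for key, name, path in find_suspicious_run_entries(SAMPLE_REG_EXPORT):
        print(f"[T1060] {key}\\{name} -> {path}")
    for key, name in find_defender_disables(SAMPLE_REG_EXPORT):
        print(f"[T1089/T1112] {key}\\{name} = 1")
```

On a live host the same two functions can be pointed at the output of `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and `reg export "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"`; the directory heuristic is deliberately loose, so treat its output as a list to review rather than a verdict.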

Tasks