General

  • Target

    5788658835423232.zip

  • Size

    201KB

  • Sample

    210512-gtj7297qh6

  • MD5

    228e499c5d42b6b41dc123a27de6d9e9

  • SHA1

    dc26900de4c5c740fa29140b096a053ae2cc3899

  • SHA256

    5a651b2be779e145cde1ec5859f66a540c80e06af4504108fb8ed36396e463f9

  • SHA512

    c79c8521f6ffc183d7022f6bde94659302969b2d19c1f450b207dbd89a635fcd6d0ca4a14847eae55809bf49cfd9d9c2e96e90df7664556ccee80b2d53c16691

Malware Config

Targets

    • Target

      25f867b8065165d7876adb29673ac78be2a731ae82b9ea57eb54ba6479bc642e

    • Size

      818KB

    • MD5

      dd1aa660f2f24368dd58c5ce7a709b6c

    • SHA1

      a54d435a04d3e883b1773d1c8d439dc95628fa07

    • SHA256

      25f867b8065165d7876adb29673ac78be2a731ae82b9ea57eb54ba6479bc642e

    • SHA512

      a86738a5fd7915f3fbd9ddc8b5c3e01a936074749b7e8d14ceb91defef6657b5e5c1fc76fc6461b86424add2099c14b90c88b7b84de53928404562f2148b16b5

    • Modifies Windows Defender Real-time Protection settings

    • Phorphiex Payload

    • Phorphiex Worm

      Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks