phorphiex | f878382efbdcff1151e93bc9ca4c016e72a0c424137728995ad722a36ce37241 | Triage

Submit
Reports

Overview

overview

Static

static

f878382efb...41.exe

windows7_x64

f878382efb...41.exe

windows10_x64

Resubmissions

12-11-2021 18:04

211112-wnsjnsdhh4 10

01-10-2021 16:29

211001-tza3nacdfk 10

Sharing

General

Target

f878382efbdcff1151e93bc9ca4c016e72a0c424137728995ad722a36ce37241
Size

75KB
Sample

211001-tza3nacdfk
MD5

4ece4d073b759e00584078490e1424f8
SHA1

a4ec941cfcc1e8151da0bbb5aabe8e5a8d88f6dc
SHA256

f878382efbdcff1151e93bc9ca4c016e72a0c424137728995ad722a36ce37241
SHA512

0c79c74c8f7111a9d6904cfa03b64925ab8b64efe6121eac8836371558672017753af22f7cbb9f2ce3e63642dc2c4b039a6860e33e130fa693596b77896f4654

Score

10^/10

phorphiex evasion loader persistence suricata trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

f878382efbdcff1151e93bc9ca4c016e72a0c424137728995ad722a36ce37241.exe

Resource

win7v20210408

phorphiex evasion loader persistence trojan worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f878382efbdcff1151e93bc9ca4c016e72a0c424137728995ad722a36ce37241.exe

Resource

win10-en-20210920

phorphiex evasion loader persistence suricata trojan worm

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  f878382efbdcff1151e93bc9ca4c016e72a0c424137728995ad722a36ce37241
- Size
  
  75KB
- MD5
  
  4ece4d073b759e00584078490e1424f8
- SHA1
  
  a4ec941cfcc1e8151da0bbb5aabe8e5a8d88f6dc
- SHA256
  
  f878382efbdcff1151e93bc9ca4c016e72a0c424137728995ad722a36ce37241
- SHA512
  
  0c79c74c8f7111a9d6904cfa03b64925ab8b64efe6121eac8836371558672017753af22f7cbb9f2ce3e63642dc2c4b039a6860e33e130fa693596b77896f4654
Score

10^/10

phorphiex evasion loader persistence trojan worm suricata
- Phorphiex Payload
- Phorphiex Worm
  Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Windows security bypass
  evasion trojan
- suricata: ET MALWARE APT-C-23 Activity (GET)
  suricata: ET MALWARE APT-C-23 Activity (GET)
  suricata
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

phorphiexevasionloaderpersistencetrojanworm

behavioral2

phorphiexevasionloaderpersistencesuricatatrojanworm

© 2018-2024

Terms | Privacy