phorphiex | f878382efbdcff1151e93bc9ca4c016e72a0c424137728995ad722a36ce37241

Resubmissions

12-11-2021 18:04

211112-wnsjnsdhh4 10

01-10-2021 16:29

211001-tza3nacdfk 10

Sharing

Copy URL

Twitter E-mail

General

Target

f878382efbdcff1151e93bc9ca4c016e72a0c424137728995ad722a36ce37241
Size

75KB
Sample

211112-wnsjnsdhh4
MD5

4ece4d073b759e00584078490e1424f8
SHA1

a4ec941cfcc1e8151da0bbb5aabe8e5a8d88f6dc
SHA256

f878382efbdcff1151e93bc9ca4c016e72a0c424137728995ad722a36ce37241
SHA512

0c79c74c8f7111a9d6904cfa03b64925ab8b64efe6121eac8836371558672017753af22f7cbb9f2ce3e63642dc2c4b039a6860e33e130fa693596b77896f4654

Score

10^/10

Malware Config

Targets

- Target
  
  f878382efbdcff1151e93bc9ca4c016e72a0c424137728995ad722a36ce37241
- Size
  
  75KB
- MD5
  
  4ece4d073b759e00584078490e1424f8
- SHA1
  
  a4ec941cfcc1e8151da0bbb5aabe8e5a8d88f6dc
- SHA256
  
  f878382efbdcff1151e93bc9ca4c016e72a0c424137728995ad722a36ce37241
- SHA512
  
  0c79c74c8f7111a9d6904cfa03b64925ab8b64efe6121eac8836371558672017753af22f7cbb9f2ce3e63642dc2c4b039a6860e33e130fa693596b77896f4654
Score

10^/10

phorphiex evasion loader persistence trojan worm
- Phorphiex Payload
- Phorphiex Worm
  Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Registers COM server for autorun
  persistence
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5 behavioral6 behavioral7

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Phorphiex Payload

Phorphiex Worm

Registers COM server for autorun

Windows security bypass

Executes dropped EXE

Loads dropped DLL

Windows security modification

Adds Run key to start application

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7