Overview

overview

10

Static

static

10

555513aa07...in.exe

windows7_x64

10

555513aa07...in.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    555513aa074aca680c4962f0078f43445a0d382e78046623d53203d8436bad99.bin

  • Size

    71KB

  • Sample

    211221-n21hfadce8

  • MD5

    c532ac418f3e867907c2757a7ca56a53

  • SHA1

    0583af526b3825a570237c0d954c445fb30948d3

  • SHA256

    555513aa074aca680c4962f0078f43445a0d382e78046623d53203d8436bad99

  • SHA512

    4d906dfa69bd84c5a7b37cb1139c9de2ce3025bcc6ee0f5d36444c9f75c31e03c8d06d6379ff7ba526a72cce319f979a9e2cbc18bd096e5d4bff53839761608c

Score
10/10
phorphiexevasionloaderpersistencetrojanworm

Malware Config

Targets

    • Target

      555513aa074aca680c4962f0078f43445a0d382e78046623d53203d8436bad99.bin

    • Size

      71KB

    • MD5

      c532ac418f3e867907c2757a7ca56a53

    • SHA1

      0583af526b3825a570237c0d954c445fb30948d3

    • SHA256

      555513aa074aca680c4962f0078f43445a0d382e78046623d53203d8436bad99

    • SHA512

      4d906dfa69bd84c5a7b37cb1139c9de2ce3025bcc6ee0f5d36444c9f75c31e03c8d06d6379ff7ba526a72cce319f979a9e2cbc18bd096e5d4bff53839761608c

    Score
    10/10
    phorphiexevasionloaderpersistencetrojanworm

    • Phorphiex Payload

    • Phorphiex Worm

      Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

      wormtrojanloaderphorphiex

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

2
T1089

Modify Registry

3
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks