General

  • Target

    6a571c4f162b1cd1c46abf16add0c1c1.exe

  • Size

    4.1MB

  • Sample

    220117-hgcmzshbbj

  • MD5

    6a571c4f162b1cd1c46abf16add0c1c1

  • SHA1

    4ff32013415028c03f5687535f3d144623c1e081

  • SHA256

    3ec3d7b4b3eeae490ae2f97ac7d52c0bec674384225d26a68d7b89ec84c60eaa

  • SHA512

    97e387cd027ad83ae90fe016bbdd246195e566ad4b0764015751277ca39906ba17648b2a2e9943015f00b58b0c5610ff636a8b065e8d452f993cf61b46f999b9

Score
10/10

Malware Config

Targets

    • PhoenixStealer

      PhoenixStealer is an information stealer written in C++; it sends the stolen information to its operators.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext
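
The behavioural signatures listed above are verdicts; the rules behind them are not shown on the page. The following is an added example, written for this page and not the sandbox's own signature engine, that re-implements five of them (geofence registry lookup, dropped PE write, execution of a dropped EXE, loading of a dropped DLL, and SetThreadContext after WriteProcessMemory into a suspended child, the classic process-hollowing order) as explicit rules over a constructed API-call trace. The event schema, pids and paths are invented for the example; the registry location of the user's GeoID under Control Panel\International\Geo\Nation is an assumption, and "Downloads MZ/PE file" is simplified to "writes a file that starts with MZ" rather than tying the write to a network response.

```python
"""Toy behavioural triage over a constructed API-call trace.

Added example: re-implements several sandbox signatures as explicit,
order-aware rules so the reasoning behind each verdict is visible.
All events, pids and paths below are constructed for illustration.
"""
from collections import defaultdict

CREATE_SUSPENDED = 0x4  # CreateProcess creation flag
MZ = b"MZ"              # DOS header magic at the start of every PE file
# Assumed registry location of the user's GeoID (what GetUserGeoID returns).
GEO_KEY_SUFFIX = r"\control panel\international\geo\nation"


def analyse(events):
    """Return {signature_name: [evidence, ...]} for an ordered list of events.

    Each event is a dict with "pid", "api" and API-specific arguments.
    Order matters: SetThreadContext is only flagged when it targets a child
    that was created suspended and then written with WriteProcessMemory,
    and an EXE/DLL only counts as "dropped" if the sample wrote it first.
    """
    hits = defaultdict(list)
    dropped_files = {}        # lowercased path -> bytes written by the sample
    suspended_children = {}   # child pid -> parent pid
    written_children = set()  # suspended children that received WriteProcessMemory

    for ev in events:
        api, pid = ev["api"], ev["pid"]
        if api == "RegQueryValueEx" and ev["key"].lower().endswith(GEO_KEY_SUFFIX):
            hits["Checks computer location settings"].append(ev["key"])
        elif api == "WriteFile":
            dropped_files[ev["path"].lower()] = ev["data"]
            if ev["data"][:2] == MZ:  # simplification: any PE written to disk
                hits["Downloads MZ/PE file"].append(ev["path"])
        elif api == "LoadLibrary" and ev["path"].lower() in dropped_files:
            hits["Loads dropped DLL"].append(ev["path"])
        elif api == "CreateProcess":
            if ev["path"].lower() in dropped_files:
                hits["Executes dropped EXE"].append(ev["path"])
            if ev.get("flags", 0) & CREATE_SUSPENDED:
                suspended_children[ev["child_pid"]] = pid
        elif api == "WriteProcessMemory" and ev["target_pid"] in suspended_children:
            written_children.add(ev["target_pid"])
        elif api == "SetThreadContext" and ev["target_pid"] in written_children:
            hits["Suspicious use of SetThreadContext"].append(
                f"pid {pid} -> child {ev['target_pid']}")
    return dict(hits)


# Constructed trace mimicking the report's behaviours (not a real capture).
TMP = r"C:\Users\user\AppData\Local\Temp"
SAMPLE_TRACE = [
    {"pid": 1000, "api": "RegQueryValueEx",
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"pid": 1000, "api": "WriteFile", "path": TMP + r"\upd.exe",
     "data": b"MZ\x90\x00" + b"\x00" * 60},
    {"pid": 1000, "api": "WriteFile", "path": TMP + r"\helper.dll",
     "data": b"MZ\x90\x00"},
    {"pid": 1000, "api": "LoadLibrary", "path": TMP + r"\helper.dll"},
    {"pid": 1000, "api": "CreateProcess", "path": TMP + r"\upd.exe",
     "flags": CREATE_SUSPENDED, "child_pid": 1100},
    {"pid": 1000, "api": "WriteProcessMemory", "target_pid": 1100},
    {"pid": 1000, "api": "SetThreadContext", "target_pid": 1100},
    {"pid": 1000, "api": "ResumeThread", "target_pid": 1100},
]

# Constructed benign trace: same APIs, but none in the suspicious order.
BENIGN_TRACE = [
    {"pid": 2000, "api": "RegQueryValueEx",
     "key": r"HKEY_CURRENT_USER\Control Panel\International\sCountry"},
    {"pid": 2000, "api": "LoadLibrary", "path": r"C:\Windows\System32\ws2_32.dll"},
    {"pid": 2000, "api": "CreateProcess", "path": r"C:\Windows\notepad.exe",
     "flags": 0, "child_pid": 2200},
    {"pid": 2000, "api": "SetThreadContext", "target_pid": 2200},  # no prior write
]

if __name__ == "__main__":
    for name, evidence in analyse(SAMPLE_TRACE).items():
        print(f"{name}: {evidence}")
    print("benign trace:", analyse(BENIGN_TRACE))
```

The point of keeping state per child pid is false-positive control: debuggers and some legitimate loaders call SetThreadContext, so the rule only fires on the suspended-create, write, set-context sequence, and a plain CreateProcess of a system binary never matches "Executes dropped EXE".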

MITRE ATT&CK Enterprise v6

Tasks