phorphiex | d5516838dbec985f8e893bb145b364ee3f6060dec3d30967b21309041283dfd1 | Triage

Submit
Reports

Overview

overview

Static

static

d5516838db...d1.exe

windows7_x64

d5516838db...d1.exe

windows10_x64

Sharing

General

Target

d5516838dbec985f8e893bb145b364ee3f6060dec3d30967b21309041283dfd1
Size

70KB
Sample

220130-2pdd2abegn
MD5

1f6e817f7722e3d830d1bfe27386c346
SHA1

d6a6ae7efa933ab1cb3dcf3a740d6de947281432
SHA256

d5516838dbec985f8e893bb145b364ee3f6060dec3d30967b21309041283dfd1
SHA512

55ca3b8d0a51609c9b9ac48b11d69d01b2dd8593856a00ce087cf8f74de1d98fb8c13d4b1bd8ccfbd9bc11492d125ceb68d760fb3b6a0f016677bcf8725f7cf0

Score

10^/10

phorphiex xmrig evasion loader miner persistence trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

d5516838dbec985f8e893bb145b364ee3f6060dec3d30967b21309041283dfd1.exe

Resource

win7-en-20211208

phorphiex xmrig evasion loader miner persistence trojan worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d5516838dbec985f8e893bb145b364ee3f6060dec3d30967b21309041283dfd1.exe

Resource

win10-en-20211208

phorphiex xmrig evasion loader miner persistence trojan worm

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  d5516838dbec985f8e893bb145b364ee3f6060dec3d30967b21309041283dfd1
- Size
  
  70KB
- MD5
  
  1f6e817f7722e3d830d1bfe27386c346
- SHA1
  
  d6a6ae7efa933ab1cb3dcf3a740d6de947281432
- SHA256
  
  d5516838dbec985f8e893bb145b364ee3f6060dec3d30967b21309041283dfd1
- SHA512
  
  55ca3b8d0a51609c9b9ac48b11d69d01b2dd8593856a00ce087cf8f74de1d98fb8c13d4b1bd8ccfbd9bc11492d125ceb68d760fb3b6a0f016677bcf8725f7cf0
Score

10^/10

phorphiex xmrig evasion loader miner persistence trojan worm
- Modifies security service
  evasion
- Phorphiex Payload
- Phorphiex Worm
  Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Windows security bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

phorphiexxmrigevasionloaderminerpersistencetrojanworm

behavioral2

phorphiexxmrigevasionloaderminerpersistencetrojanworm

© 2018-2024

Terms | Privacy