Overview

overview

10

Static

static

eee23a8f3e...1b.exe

windows7_x64

10

eee23a8f3e...1b.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eee23a8f3e0b0cb2929057cb468f17297c7b46b1fc5c357e17b56ee6a605121b

  • Size

    590KB

  • Sample

    220201-c8kvsafecq

  • MD5

    61422ea7d3db9045112231b4897d4483

  • SHA1

    89e0adc43be18140f65add9bafcb3eb0440ea597

  • SHA256

    eee23a8f3e0b0cb2929057cb468f17297c7b46b1fc5c357e17b56ee6a605121b

  • SHA512

    dc689824c88aae3d48316e0799b49c7971d6064e96918a1e4cbcf6973cff9333568022f12d295df67f3bca4326bf547a4ec2ba8af68f102ef9db1e2f0694577f

Score
10/10
phorphiexevasionloaderpersistencesuricatatrojanworm

Malware Config

Targets

    • Target

      eee23a8f3e0b0cb2929057cb468f17297c7b46b1fc5c357e17b56ee6a605121b

    • Size

      590KB

    • MD5

      61422ea7d3db9045112231b4897d4483

    • SHA1

      89e0adc43be18140f65add9bafcb3eb0440ea597

    • SHA256

      eee23a8f3e0b0cb2929057cb468f17297c7b46b1fc5c357e17b56ee6a605121b

    • SHA512

      dc689824c88aae3d48316e0799b49c7971d6064e96918a1e4cbcf6973cff9333568022f12d295df67f3bca4326bf547a4ec2ba8af68f102ef9db1e2f0694577f

    Score
    10/10
    phorphiexevasionloaderpersistencesuricatatrojanworm

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Phorphiex Payload

    • Phorphiex Worm

      Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

      wormtrojanloaderphorphiex

    • Windows security bypass

      evasiontrojan

    • suricata: ET MALWARE APT-C-23 Activity (GET)

      suricata: ET MALWARE APT-C-23 Activity (GET)

      suricata

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

      suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

      suricata

    • Executes dropped EXE

    • Sets service image path in registry

      persistence

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

5
T1112

Disabling Security Tools

3
T1089

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks