Overview

overview

10

Static

static

URLScan

urlscan

1

https://disk.yandex....

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://disk.yandex.ru/d/Aa7DcDjnhrYs7A

  • Sample

    220210-bz7gracdar

Score
10/10
phoenixstealerxmrigminerspywarestealersuricata

Malware Config

Targets

    • Target

      https://disk.yandex.ru/d/Aa7DcDjnhrYs7A

    Score
    10/10
    phoenixstealerxmrigminerspywarestealersuricata

    • PhoenixStealer

      PhoenixStealer is an information stealer written in the C++, it sends the stolen information to cybercriminals.

      stealerphoenixstealer

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • suricata: ET MALWARE Win32/HunterStealer/AlfonsoStealer/PhoenixStealer CnC Exfil

      suricata: ET MALWARE Win32/HunterStealer/AlfonsoStealer/PhoenixStealer CnC Exfil

      suricata

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Executes dropped EXE

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks