phoenixstealer | 22f9b8d8c35d88fc9c57cc4dc7f438fad69094dcb6cf15f58813c9e1928a43e7 | Triage

Submit
Reports

Overview

overview

Static

static

000005.exe

windows7_x64

000005.exe

windows10-2004_x64

Sharing

General

Target

000005.EXE
Size

1.4MB
Sample

220217-sks49abde9
MD5

f69b832184bb5f7830e65bfeeda9906d
SHA1

c5c8d20594de19fa7ddbc1210c894cc7aa0c63c9
SHA256

22f9b8d8c35d88fc9c57cc4dc7f438fad69094dcb6cf15f58813c9e1928a43e7
SHA512

e15ee68cd6213cb8c4f1d3d22d63236536452ca344de1b7fe07d7aeaa3012faae7cb0bb09be10c254e7209dccdb775cd5156295183567bcdf492339c2834a822

Score

10^/10

phoenixstealer stealer

Static task

static1

Behavioral task

behavioral1

Sample

000005.exe

Resource

win7-en-20211208

phoenixstealer stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

000005.exe

Resource

win10v2004-en-20220113

phoenixstealer stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  000005.EXE
- Size
  
  1.4MB
- MD5
  
  f69b832184bb5f7830e65bfeeda9906d
- SHA1
  
  c5c8d20594de19fa7ddbc1210c894cc7aa0c63c9
- SHA256
  
  22f9b8d8c35d88fc9c57cc4dc7f438fad69094dcb6cf15f58813c9e1928a43e7
- SHA512
  
  e15ee68cd6213cb8c4f1d3d22d63236536452ca344de1b7fe07d7aeaa3012faae7cb0bb09be10c254e7209dccdb775cd5156295183567bcdf492339c2834a822
Score

10^/10

phoenixstealer stealer
- PhoenixStealer
  PhoenixStealer is an information stealer written in the C++, it sends the stolen information to cybercriminals.
  stealer phoenixstealer
- Suspicious use of NtCreateProcessExOtherParentProcess
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phoenixstealerstealer

behavioral2

phoenixstealerstealer

© 2018-2024

Terms | Privacy