Overview

overview

10

Static

static

fGv4Ub5CXn...4h.exe

windows10_x64

10

fGv4Ub5CXn...4h.exe

windows10-2004_x64

10

fGv4Ub5CXn...4h.exe

windows11_x64

Analysis

  • max time kernel
    29s
  • max time network
    21s
  • platform
    windows10_x64
  • resource
    win10-20220223-en
  • submitted
    19-03-2022 05:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fGv4Ub5CXnXURJ4g2dBLT9BUmoeKz64h.exe

  • Size

    545KB

  • MD5

    0f63a487555ec2b8bdada114f55cd2f3

  • SHA1

    a3ef0914468013a9bcf6dd6cca79b7fa18494327

  • SHA256

    854f58be2f8c4e2b9305911f908d675d14341d460218828b8c190a41f633e28d

  • SHA512

    365cddac8aa211502a44416072ff1cf2b9a3c84ed9845eda8509b69d3ffdd74e11fa7018b030a358b62dfda3d06c4a8baf0b81d36ec5dee55a36cb5199d02e04

Score
10/10
phoenixstealerspywarestealer

Malware Config

Signatures

  • PhoenixStealer

    PhoenixStealer is an information stealer written in the C++, it sends the stolen information to cybercriminals.

    stealerphoenixstealer
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fGv4Ub5CXnXURJ4g2dBLT9BUmoeKz64h.exe
    "C:\Users\Admin\AppData\Local\Temp\fGv4Ub5CXnXURJ4g2dBLT9BUmoeKz64h.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:3572
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\AddMount.wmv"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:3520

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads