phoenixstealer | ee2a409ae326aff4f83f4511830db7dfaef380cedbe7ac1f50bbabbfb3332c75

General

Target

ee2a409ae326aff4f83f4511830db7dfaef380cedbe7ac1f50bbabbfb3332c75.exe
Size

545KB
MD5

41a5480dd4a52a4881c31f9d79d89945
SHA1

31c212484b4fbd210b9525df676ad816802b554e
SHA256

ee2a409ae326aff4f83f4511830db7dfaef380cedbe7ac1f50bbabbfb3332c75
SHA512

0b5a09bdc6483c58fab46726f4fe09ae87a3c6b5d14df40f20fe9aaf1addc5f178002cea103fec02a91a6dea96aaa4f89abbf413fb8e68b0aa26fc60263c0e18

Score

10^/10

phoenixstealer stealer

Malware Config

Signatures

PhoenixStealer
PhoenixStealer is an information stealer written in the C++, it sends the stolen information to cybercriminals.
stealer phoenixstealer

Drops file in Windows directory 16 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SoftwareDistribution\Download\9d6172fa1dc41a48846593219fc6519f\e1a85885fd4453165061351651289cce8f8590c4	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\17087e6e4710e63df4fcd8834f70bc99\BIT705A.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d60cb501610b6a66743c55eade3ef996\f3535a3b47819a04c6d5ee18905493be086e801e	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\17087e6e4710e63df4fcd8834f70bc99\BIT9856.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\17087e6e4710e63df4fcd8834f70bc99\a3f602ea4d534d006919a2613d91f9506b383314	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\9d6172fa1dc41a48846593219fc6519f\BIT68F5.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\9d6172fa1dc41a48846593219fc6519f\BIT6AF9.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\9d6172fa1dc41a48846593219fc6519f\Cmn5TH6S2lFFnfMN8MLr2EoNUIAGzQo2UUjHGMEC99A=	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\9d6172fa1dc41a48846593219fc6519f\BIT9660.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d60cb501610b6a66743c55eade3ef996\BIT9816.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\17087e6e4710e63df4fcd8834f70bc99\pj5OoD7hJ+dBGy+3XOjLT8WsuYwervv\BIT9565.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\17087e6e4710e63df4fcd8834f70bc99\pj5OoD7hJ+dBGy+3XOjLT8WsuYwervv\LZOCjtiHKk8=	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\17087e6e4710e63df4fcd8834f70bc99\pj5OoD7hJ+dBGy+3XOjLT8WsuYwervv\BIT6CFE.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\9d6172fa1dc41a48846593219fc6519f\BIT9330.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d60cb501610b6a66743c55eade3ef996\CsA9z1\SlUHUPO8bKnA\BIT94D7.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d60cb501610b6a66743c55eade3ef996\CsA9z1\SlUHUPO8bKnA\5ondRmJ90JlkPETuN535TWk=	svchost.exe

C:\Users\Admin\AppData\Local\Temp\ee2a409ae326aff4f83f4511830db7dfaef380cedbe7ac1f50bbabbfb3332c75.exe
"C:\Users\Admin\AppData\Local\Temp\ee2a409ae326aff4f83f4511830db7dfaef380cedbe7ac1f50bbabbfb3332c75.exe"
1⤵
PID:4536

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
1⤵
- Drops file in Windows directory
PID:4656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4656-134-0x000002138E980000-0x000002138E990000-memory.dmp

Filesize
64KB

Download
memory/4656-135-0x000002138F260000-0x000002138F270000-memory.dmp

Filesize
64KB

Download
memory/4656-136-0x0000021391800000-0x0000021391804000-memory.dmp

Filesize
16KB

Download
memory/4656-137-0x0000021391820000-0x0000021391824000-memory.dmp

Filesize
16KB

Download
memory/4656-138-0x0000021391820000-0x0000021391824000-memory.dmp

Filesize
16KB

Download
memory/4656-139-0x0000021391E80000-0x0000021391E84000-memory.dmp

Filesize
16KB

Download
memory/4656-140-0x0000021391E40000-0x0000021391E44000-memory.dmp

Filesize
16KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads