phorphiex | 7dc4c399b8c13bba3ec5460bfb227d9024b6997250ee850f45c54a805031c752

General

Target

7dc4c399b8c13bba3ec5460bfb227d9024b6997250ee850f45c54a805031c752
Size

84KB
Sample

220327-3dptcsadgr
MD5

01fb5198d7ba9f2da21cbdc772aa0c5b
SHA1

f4fe3b6e65fcfad2c0d357d2858a027b53d57e82
SHA256

7dc4c399b8c13bba3ec5460bfb227d9024b6997250ee850f45c54a805031c752
SHA512

b264e0c37be3467e8b29c43bf0de1f43572b0ad61b6a83812b4d30c326ff25d1576a494b38db5a6f1883bcd9e211ffc2076a7fde23beabe2b20ce05402a08a11

Score

10^/10

Malware Config

Targets

- Target
  
  7dc4c399b8c13bba3ec5460bfb227d9024b6997250ee850f45c54a805031c752
- Size
  
  84KB
- MD5
  
  01fb5198d7ba9f2da21cbdc772aa0c5b
- SHA1
  
  f4fe3b6e65fcfad2c0d357d2858a027b53d57e82
- SHA256
  
  7dc4c399b8c13bba3ec5460bfb227d9024b6997250ee850f45c54a805031c752
- SHA512
  
  b264e0c37be3467e8b29c43bf0de1f43572b0ad61b6a83812b4d30c326ff25d1576a494b38db5a6f1883bcd9e211ffc2076a7fde23beabe2b20ce05402a08a11
Score

10^/10

phorphiex evasion loader persistence suricata trojan worm
- Phorphiex Payload
- Phorphiex Worm
  Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Windows security bypass
  evasion trojan
- suricata: ET MALWARE APT-C-23 Activity (GET)
  suricata: ET MALWARE APT-C-23 Activity (GET)
  suricata
- suricata: ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01
  suricata: ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01
  suricata
- suricata: ET MALWARE Phorpiex CnC Domain in DNS Query
  suricata: ET MALWARE Phorpiex CnC Domain in DNS Query
  suricata
- suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata
- suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
  suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
  suricata
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Phorphiex Payload

Phorphiex Worm

Windows security bypass

suricata: ET MALWARE APT-C-23 Activity (GET)

suricata: ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01

suricata: ET MALWARE Phorpiex CnC Domain in DNS Query

suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016

Executes dropped EXE

Loads dropped DLL

Windows security modification

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2