Overview

overview

10

Static

static

10

VolDriver.exe

windows7_x64

10

VolDriver.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b40942909d90f88288fe562ae7b0f693-sample.zip

  • Size

    37KB

  • Sample

    220401-rhqexaggfn

  • MD5

    77eae050d2432278cf301d5580dde0b8

  • SHA1

    6f8c8e7f15bcddc0cd73b23b514db1e75ec6477e

  • SHA256

    98fdb8aaaf1fe91768175e0ba7bc8090b98c9a6771b610c9e6add2260ea9fca8

  • SHA512

    0107fb38a26308ee535ee4b6dcfd329b12359f01f81f6ae6684f2a189fd56b0a65af71cc555ec3943616fc613dbb5cdbf7a9d15b62e7591be3881578a4454a8d

Score
10/10
phorphiexevasionloaderpersistencetrojanworm

Malware Config

Targets

    • Target

      VolDriver.exe

    • Size

      72KB

    • MD5

      bd5f71fcdba70236587930dddef0e59a

    • SHA1

      4c47a7d780fb06a05763be682f6694de93e609b0

    • SHA256

      143e15adc8d63526b124a401fe1182a44542fb79f22fc17c602151a839c22682

    • SHA512

      98b05fd4fae3ff5c3f433fe82cec481ef8c040fa80fc92ad01b2d9bb9f95f5cd898e49efd253d62043a2e5db71c737ea44bf8440b3f4497f66efe059ca1075cf

    Score
    10/10
    phorphiexevasionloaderpersistencetrojanworm

    • Phorphiex Payload

    • Phorphiex Worm

      Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

      wormtrojanloaderphorphiex

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks