Malware Analysis Report

2024-09-22 15:25

Sample ID 220519-tctw9acbbr
Target 6e4916164ffe3995c1951f1d731fecad0e804539ab2faf56ad162a80f8e706d6
SHA256 6e4916164ffe3995c1951f1d731fecad0e804539ab2faf56ad162a80f8e706d6
Tags phoenixstealer stealer
Score 10/10

Analysis Overview

score
10/10

SHA256

6e4916164ffe3995c1951f1d731fecad0e804539ab2faf56ad162a80f8e706d6

Threat Level: Known bad

The file 6e4916164ffe3995c1951f1d731fecad0e804539ab2faf56ad162a80f8e706d6 was found to be: Known bad.

Malicious Activity Summary

phoenixstealer stealer

PhoenixStealer

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2022-05-19 15:55

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-05-19 15:55

Reported

2022-05-19 15:57

Platform

win10v2004-20220414-en

Max time kernel

91s

Max time network

138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6e4916164ffe3995c1951f1d731fecad0e804539ab2faf56ad162a80f8e706d6.exe"

Signatures

PhoenixStealer

stealer phoenixstealer

Processes

C:\Users\Admin\AppData\Local\Temp\6e4916164ffe3995c1951f1d731fecad0e804539ab2faf56ad162a80f8e706d6.exe

"C:\Users\Admin\AppData\Local\Temp\6e4916164ffe3995c1951f1d731fecad0e804539ab2faf56ad162a80f8e706d6.exe"

Network

Country Destination Domain Proto
US 93.184.220.29:80 tcp
NL 8.238.21.126:80 tcp
NL 52.178.17.2:443 tcp
NL 104.110.191.140:80 tcp
NL 104.110.191.140:80 tcp
NL 104.110.191.140:80 tcp

Files

N/A