General

  • Target

    054aa86766b5ef93e48ec2c301ac89106740b39f8fa983e9f33ebe3f460d1868

  • Size

    360KB

  • Sample

    220527-wz4q3sfhg6

  • MD5

    d385e431a836a44a1ce9c8338017b09f

  • SHA1

    dcdcc7b5bab4bca407243d48b0220158ee5df97c

  • SHA256

    054aa86766b5ef93e48ec2c301ac89106740b39f8fa983e9f33ebe3f460d1868

  • SHA512

    d3bf50e67ecf4cbdb6b1b04f6a0cef630df58f0ff8396b4a1a1c825eecb51f2eaeef0e919589d4537bb2d86db6a9336db63c327f9ab71efe639a4093a5687e62

Malware Config

Targets

    • Target

      054aa86766b5ef93e48ec2c301ac89106740b39f8fa983e9f33ebe3f460d1868

    • Size

      360KB

    • MD5

      d385e431a836a44a1ce9c8338017b09f

    • SHA1

      dcdcc7b5bab4bca407243d48b0220158ee5df97c

    • SHA256

      054aa86766b5ef93e48ec2c301ac89106740b39f8fa983e9f33ebe3f460d1868

    • SHA512

      d3bf50e67ecf4cbdb6b1b04f6a0cef630df58f0ff8396b4a1a1c825eecb51f2eaeef0e919589d4537bb2d86db6a9336db63c327f9ab71efe639a4093a5687e62

    • Modifies Windows Defender Real-time Protection settings

    • Phorphiex Payload

    • Phorphiex Worm

      Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

    • Windows security bypass

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks