General

  • Target

    0c77b260ee3fdd2754cd4f289efce709519aad34fa3cb84663655a6240e45973

  • Size

    272KB

  • Sample

    220529-3t6f2sadfm

  • MD5

    a24bb61df75034769ffdda61c7a25926

  • SHA1

    e4cbb1cca10bb1939a76a174db95c1aada4c5043

  • SHA256

    0c77b260ee3fdd2754cd4f289efce709519aad34fa3cb84663655a6240e45973

  • SHA512

    fb8787856a845b84458fde17a4477a89139d881a16768834bfffe2bd4b2c65ba2a84d7231e9cf5aaeb942d5e8251ec0e19e70b34bf700a6f19bcbf11ac1fb52c

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Phorphiex Payload

    • Phorphiex Worm

      Phorpiex (written "Phorphiex" in this report's signature names) is a long-running worm and botnet family: it infects a system, establishes persistence, and is then used to distribute other malicious payloads such as ransomware, information stealers and cryptominers.

    • Windows security bypass

    • suricata: ET MALWARE APT-C-23 Activity (GET)

    • suricata: ET MALWARE Phorpiex CnC Domain in DNS Lookup

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
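
The two host-side behaviours above, "Modifies Windows Defender Real-time Protection settings" and "Adds Run key to start application", are what an endpoint analyst would want to find in telemetry from a machine this sample ran on. The following is an added example written for this page, not the sandbox's own signature logic and not code taken from the sample: it implements both checks over Sysmon Event ID 13 (RegistryEvent, value set) records using the real Sysmon field names Image, TargetObject and Details and the real Defender registry value names, while every event record, file path, SID and value name in SAMPLE_EVENTS is constructed for illustration and is not an indicator from this report.

```python
"""
Added example, not part of this sandbox report or of the sandbox's own
signature code: host-side detection logic for "Modifies Windows Defender
Real-time Protection settings" and "Adds Run key to start application",
run over Sysmon Event ID 13 (RegistryEvent: value set) records. All event
records, paths, SIDs and value data below are constructed for illustration;
none are taken from this sample.
"""
import re

# Registry keys (hive prefix stripped, lower-cased) that control Defender
# real-time protection; the Policies key overrides the product key.
DEFENDER_RTP_KEYS = (
    r"software\policies\microsoft\windows defender\real-time protection",
    r"software\microsoft\windows defender\real-time protection",
)
# DWORD values that switch off a real-time component when set to 1.
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableIOAVProtection",
    "DisableScanOnRealtimeEnable",
}
DEFENDER_POLICY_KEY = r"software\policies\microsoft\windows defender"

# A Run/RunOnce value being written under HKLM or a user's HKU hive.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\([^\\]+)$", re.IGNORECASE
)
# Locations a dropped executable is typically started from.
DROPPED_PATH_RE = re.compile(r"\\(Users|Temp|AppData|ProgramData|Public)\\", re.IGNORECASE)


def split_value(target):
    """Split a Sysmon TargetObject into (lower-cased key path, value name)."""
    key, _, name = target.rpartition("\\")
    return key.lower(), name


def dword(details):
    """Parse Sysmon's 'DWORD (0x00000001)' Details rendering; None if not a DWORD."""
    m = re.fullmatch(r"DWORD \((0x[0-9a-fA-F]+)\)", details.strip())
    return int(m.group(1), 16) if m else None


def check_defender_rtp(event):
    """Flag a Defender real-time protection switch being set to 1."""
    key, name = split_value(event["TargetObject"])
    if dword(event["Details"]) != 1:
        return None  # setting it back to 0, or a non-DWORD write, is not tampering
    in_rtp_key = any(key.endswith(k) for k in DEFENDER_RTP_KEYS) and name in DEFENDER_RTP_VALUES
    in_policy_key = key.endswith(DEFENDER_POLICY_KEY) and name == "DisableAntiSpyware"
    if not (in_rtp_key or in_policy_key):
        return None
    return {"rule": "defender_rtp_disabled", "value": name,
            "image": event["Image"], "target": event["TargetObject"]}


def check_run_key(event):
    """Flag a new Run/RunOnce value and note whether it points into a drop location."""
    m = RUN_KEY_RE.search(event["TargetObject"])
    if not m:
        return None
    command = event["Details"]
    return {"rule": "run_key_persistence", "name": m.group(2), "command": command,
            "image": event["Image"], "suspicious_path": bool(DROPPED_PATH_RE.search(command))}


def detect(events):
    """Run both checks over Sysmon events; only Event ID 13 (value set) is relevant."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        for check in (check_defender_rtp, check_run_key):
            finding = check(ev)
            if finding:
                findings.append(finding)
    return findings


# Constructed Sysmon-style records (hypothetical paths, SID and file names).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\LastScan",
     "Details": "DWORD (0x00000001)"},  # benign system write
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},  # real-time protection disabled
    {"EventID": 13, "Image": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},  # re-enabled: must not fire
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-222222222-333333333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Driver Host",
     "Details": r"C:\Users\victim\AppData\Roaming\drvhost.exe"},  # Run key persistence
    {"EventID": 12, "Image": r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-222222222-333333333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "Details": ""},  # key creation only (Event ID 12): ignored
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed events, detect() returns exactly two findings: the DisableRealtimeMonitoring write by the temp-directory process and the Run value pointing into AppData, with the benign WindowsUpdate write, the value being set back to 0 and the bare key-creation event all ignored. The same two checks map onto the report's "Executes dropped EXE" and "Windows security modification" signatures when the Image or the Run command lives in a user-writable path, which is why the run-key finding carries a suspicious_path flag rather than an unconditional alert.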

MITRE ATT&CK Enterprise v6

Tasks