Extracted

• • Target

    134a896fb7252b21691838eb53f6f96e6ac8f36003775e384d786e3a44ef1ca1

  • Size

    1.1MB

  • MD5

    c0d37786bce4f2f4d4df35af22c44f5b

  • SHA1

    f104bcd6236f4762df8d85a159e64759ac4a2d5f

  • SHA256

    134a896fb7252b21691838eb53f6f96e6ac8f36003775e384d786e3a44ef1ca1

  • SHA512

    c14c675823fdf736fc06d1b23537a3a33f03823f1d0ea9d94b0811749fb4005d252aebc1a96f7563461b75387f219c04ba2c931d9937312de381a1c6b0954b40

  Score

  10^/10

  phoenixcollectionkeyloggerstealer

  • Phoenix Keylogger

    Phoenix is a keylogger and info stealer first seen in July 2019.

    stealerkeyloggerphoenix

  • Phoenix Keylogger Payload

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2