phorphiex

General

Target

1a7d054abcd9570fa89ab81ed211b37bc59b513a13d5f8db900392a988e5043b
Size

454KB
Sample

220607-2w3mhafhh6
MD5

749ca850ede36a942a2ff2984313299f
SHA1

b1d42108b09427c61e846b8f4f819cfe78f922a6
SHA256

1a7d054abcd9570fa89ab81ed211b37bc59b513a13d5f8db900392a988e5043b
SHA512

5092010bf481b619d53ee20d4be12f5383429aeaec6e8991eb6ccaecdbb25bdf7d729d044d4d39227888230689877829dd8406c4c8f5154fdac7bd48f78063ea

Score

10^/10

Malware Config

Extracted

Family

phorphiex

C2

http://185.176.27.132/

Wallets

13cQ2H6oszrEnvw1ZGdsPix9gUayB8tzNa

qr5pm4d27z250wpz4sfy08ytghxn56kryvsw5tdw99

XfrM8P9YWSg8mQTxSCCxyHUeQjMEGx8vnE

DSG5PddW9wu1eKdLcx4f3KBF4wUvaBFaGc

0x373b9854c9e4511b920372f5495640cdc25d6832

LSermtCTLWeS683x17AtYuhNT8MpMmVmi8

t1XgRHyGj6YDNqkS5EWwdcXG1rjQPFFdUsR

Targets

- Target
  
  1a7d054abcd9570fa89ab81ed211b37bc59b513a13d5f8db900392a988e5043b
- Size
  
  454KB
- MD5
  
  749ca850ede36a942a2ff2984313299f
- SHA1
  
  b1d42108b09427c61e846b8f4f819cfe78f922a6
- SHA256
  
  1a7d054abcd9570fa89ab81ed211b37bc59b513a13d5f8db900392a988e5043b
- SHA512
  
  5092010bf481b619d53ee20d4be12f5383429aeaec6e8991eb6ccaecdbb25bdf7d729d044d4d39227888230689877829dd8406c4c8f5154fdac7bd48f78063ea
Score

10^/10

phorphiex evasion loader persistence suricata trojan worm
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Phorphiex
  Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Phorphiex payload
- Windows security bypass
  evasion trojan
- suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

4

T1112

Disabling Security Tools

3

T1089

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Modifies Windows Defender Real-time Protection settings

Phorphiex payload

Windows security bypass

suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

Executes dropped EXE

Loads dropped DLL

Windows security modification

Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2