Extracted

• • Target

    1a7d054abcd9570fa89ab81ed211b37bc59b513a13d5f8db900392a988e5043b

  • Size

    454KB

  • MD5

    749ca850ede36a942a2ff2984313299f

  • SHA1

    b1d42108b09427c61e846b8f4f819cfe78f922a6

  • SHA256

    1a7d054abcd9570fa89ab81ed211b37bc59b513a13d5f8db900392a988e5043b

  • SHA512

    5092010bf481b619d53ee20d4be12f5383429aeaec6e8991eb6ccaecdbb25bdf7d729d044d4d39227888230689877829dd8406c4c8f5154fdac7bd48f78063ea

  Score

  10^/10

  phorphiexevasionloaderpersistencesuricatatrojanworm

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Phorphiex

    Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

    wormtrojanloaderphorphiex

  • Phorphiex payload

  • Windows security bypass

    evasiontrojan

  • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    suricata

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1behavioral2