Extracted

• • Target

    1666f3571f20bd83257e3525a05d141977ce18d0b30f0dfd9bd348498bc513bb

  • Size

    1.1MB

  • MD5

    28156d7fc9160b986943d897d013b7b6

  • SHA1

    1a855797cfcee582cbb7ff4bfcbe4c64a335010b

  • SHA256

    1666f3571f20bd83257e3525a05d141977ce18d0b30f0dfd9bd348498bc513bb

  • SHA512

    5ed50926318c6f2ce76f3bac25d35c5c87e0c548fe98dcde154c5655471f61cff491fe8df2971b71267ffb11cf3d0a4a8cb8a38ab5406d8721f7b7e7dd171699

  Score

  10^/10

  phoenixcollectionkeyloggerstealer

  • Phoenix Keylogger

    Phoenix is a keylogger and info stealer first seen in July 2019.

    stealerkeyloggerphoenix

  • Phoenix Keylogger Payload

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2