General

  • Target

    1610e2a7126a6cc0b0d59a29e1d746598f7747ca2ff247efaac51ad7c5dc1a9e

  • Size

    3.0MB

  • Sample

    220609-fpndcahfb9

  • MD5

    d521d655192981cfb27afe104a2588a1

  • SHA1

    b0a8e03522eac934b5d1215095d98b240504d045

  • SHA256

    1610e2a7126a6cc0b0d59a29e1d746598f7747ca2ff247efaac51ad7c5dc1a9e

  • SHA512

    5a0d4d5468f01b7e1143dac5c9b19df982ef320e75f4d277bf595107095d2c4939439931618b243d92b8ae2b12e45f51b619198c289128bfb74106487f562f45

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    silverlinehospital.in
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Bukky101@

Targets

    • Phoenix Keylogger

      Phoenix is a keylogger and info stealer first seen in July 2019.

    • Phoenix Keylogger Payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks