Overview

overview

10

Static

static

5

24b606e90f...7e.exe

windows7_x64

10

24b606e90f...7e.exe

windows10-2004_x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    24b606e90fbdf9736179471badae4d3943bbe17e7e5c8015e96b3dd69f54827e

  • Size

    1.1MB

  • Sample

    220611-z9xmasdcg6

  • MD5

    eb1592d5d1022087851724734ff8d258

  • SHA1

    75a2db62fdbb50ef2faf0b81345269626e49dc3c

  • SHA256

    24b606e90fbdf9736179471badae4d3943bbe17e7e5c8015e96b3dd69f54827e

  • SHA512

    64b7f6f8c949cd4d510c85abc4a6251133eb823544791de26423a9132caa89b7c3582728f55e7d0b487fe3315abce7b9322a00788206ab36c0a7915ccccb5319

Score
10/10
phoenixcollectionkeyloggerstealer

Malware Config

Targets

    • Target

      24b606e90fbdf9736179471badae4d3943bbe17e7e5c8015e96b3dd69f54827e

    • Size

      1.1MB

    • MD5

      eb1592d5d1022087851724734ff8d258

    • SHA1

      75a2db62fdbb50ef2faf0b81345269626e49dc3c

    • SHA256

      24b606e90fbdf9736179471badae4d3943bbe17e7e5c8015e96b3dd69f54827e

    • SHA512

      64b7f6f8c949cd4d510c85abc4a6251133eb823544791de26423a9132caa89b7c3582728f55e7d0b487fe3315abce7b9322a00788206ab36c0a7915ccccb5319

    Score
    10/10
    phoenixcollectionkeyloggerstealer

    • Phoenix Keylogger

      Phoenix is a keylogger and info stealer first seen in July 2019.

      stealerkeyloggerphoenix

    • Phoenix Keylogger Payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks