phoenix | 219908bd5651065041fc2333d2d77a5b7eaddeaaa6a103038b69ad6c4952a873 | Triage

Submit
Reports

Overview

overview

Static

static

219908bd56...73.exe

windows7_x64

219908bd56...73.exe

windows10-2004_x64

7

Sharing

General

Target

219908bd5651065041fc2333d2d77a5b7eaddeaaa6a103038b69ad6c4952a873
Size

134KB
Sample

220612-jym1qahad5
MD5

345c294e256214efdf5320452203f2d3
SHA1

421a8a5fae2e0bb8b97290731c405a74394c0cc1
SHA256

219908bd5651065041fc2333d2d77a5b7eaddeaaa6a103038b69ad6c4952a873
SHA512

9130d3a9cf445a2d3b30b0da2171db93dd19c26a640f67af797841337a68b23d5b48430cc90be410522378a3a614571f7c79fe5de969c89b27209de0ff76c8c8

Score

10^/10

phoenix collection keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

219908bd5651065041fc2333d2d77a5b7eaddeaaa6a103038b69ad6c4952a873.exe

Resource

win7-20220414-en

phoenix collection keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

219908bd5651065041fc2333d2d77a5b7eaddeaaa6a103038b69ad6c4952a873.exe

Resource

win10v2004-20220414-en

collection spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  219908bd5651065041fc2333d2d77a5b7eaddeaaa6a103038b69ad6c4952a873
- Size
  
  134KB
- MD5
  
  345c294e256214efdf5320452203f2d3
- SHA1
  
  421a8a5fae2e0bb8b97290731c405a74394c0cc1
- SHA256
  
  219908bd5651065041fc2333d2d77a5b7eaddeaaa6a103038b69ad6c4952a873
- SHA512
  
  9130d3a9cf445a2d3b30b0da2171db93dd19c26a640f67af797841337a68b23d5b48430cc90be410522378a3a614571f7c79fe5de969c89b27209de0ff76c8c8
Score

10^/10

phoenix collection keylogger spyware stealer
- Phoenix Keylogger
  Phoenix is a keylogger and info stealer first seen in July 2019.
  stealer keylogger phoenix
- Phoenix Keylogger Payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phoenixcollectionkeyloggerspywarestealer

behavioral2

collectionspywarestealer

© 2018-2025

Terms | Privacy