Extracted

• • Target

    21780b952189ccfb91fd35963d08aea3bb970da39052c9615fcdbf173dfaa577

  • Size

    1.1MB

  • MD5

    c3e4da6ab5aeea86e7410d5cf7591dc4

  • SHA1

    3050f604b87fa992429c2341e8f0c85f770ec80d

  • SHA256

    21780b952189ccfb91fd35963d08aea3bb970da39052c9615fcdbf173dfaa577

  • SHA512

    8b318c0f846d55ae9dff5cff7d8d8414fafef1a75594aaa68d378154f54a58b4a70475b9f4bd25c7f669e941ace921ecc09fd6570e8283427215b92915c370ad

  Score

  10^/10

  phoenixcollectionkeyloggerstealer

  • Phoenix Keylogger

    Phoenix is a keylogger and info stealer first seen in July 2019.

    stealerkeyloggerphoenix

  • Phoenix Keylogger Payload

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2