Overview

overview

10

Static

static

26da382934...35.exe

windows7_x64

10

26da382934...35.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    26da382934358b88380909763175433dcab69c8affe5e6e35f11a8f3318b5935

  • Size

    400KB

  • Sample

    220616-hwkl5sgahr

  • MD5

    30efefe9cd1f4997b696712742162719

  • SHA1

    ed2d09d53872a9d2c6614ab8cbee5b81b791f8cc

  • SHA256

    26da382934358b88380909763175433dcab69c8affe5e6e35f11a8f3318b5935

  • SHA512

    595f91d179314f82c2ffffa90c8510f707d0de7125924ac1dee89926ee45ad37f8beb47ae59a252e2deb1f985d908899371f362a853452c158a0f45d8c67e93b

Score
10/10
phorphiexevasionloaderpersistencetrojanworm

Malware Config

Extracted

Family

phorphiex

C2

http://185.176.27.132/inf/

Wallets

19mduWVW9QphW5W2caWF84wcGVSmASRYpf

qp5d3zpgldngtzf0xg2swnqaedfhn3kmsyhk7kp0yt

Xj2EfZ34QwSskhx4aRjWjGpLpMgNQWgYeV

DRkCr8Qum86fMBT3ceyzYBAGzD8pbRZmba

0xab1b250d67d08bf73ac864ea57af8cf762a29649

LVvqtuuqxcPbmqZ7VQju6kFTmQKZ58yXH2

t1dWznNU9rPvPLhmgUQTivyFYmCk4FhDKRc

Targets

    • Target

      26da382934358b88380909763175433dcab69c8affe5e6e35f11a8f3318b5935

    • Size

      400KB

    • MD5

      30efefe9cd1f4997b696712742162719

    • SHA1

      ed2d09d53872a9d2c6614ab8cbee5b81b791f8cc

    • SHA256

      26da382934358b88380909763175433dcab69c8affe5e6e35f11a8f3318b5935

    • SHA512

      595f91d179314f82c2ffffa90c8510f707d0de7125924ac1dee89926ee45ad37f8beb47ae59a252e2deb1f985d908899371f362a853452c158a0f45d8c67e93b

    Score
    10/10
    phorphiexevasionloaderpersistencetrojanworm

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Phorphiex

      Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

      wormtrojanloaderphorphiex

    • Phorphiex payload

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

4
T1112

Disabling Security Tools

3
T1089

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks