Overview

overview

10

Static

static

URLScan

urlscan

1

https://www.swisstra...

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://www.swisstransfer.com/d/99ffb65f-7fe9-40f6-a462-f86a565c6814

  • Sample

    220621-kpr4racecn

Score
10/10
phoenixstealerpyinstallerspywarestealersuricataupx

Malware Config

Targets

    • Target

      https://www.swisstransfer.com/d/99ffb65f-7fe9-40f6-a462-f86a565c6814

    Score
    10/10
    phoenixstealerpyinstallerspywarestealersuricataupx

    • PhoenixStealer

      PhoenixStealer is an information stealer written in the C++, it sends the stolen information to cybercriminals.

      stealerphoenixstealer

    • suricata: ET MALWARE Win32/HunterStealer/AlfonsoStealer/PhoenixStealer CnC Exfil

      suricata: ET MALWARE Win32/HunterStealer/AlfonsoStealer/PhoenixStealer CnC Exfil

      suricata

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks