phorphiex

General

Target

db627ff946ff64910cf909c81ae51294c4bb6477ee2c620aae1d0f7a7208b6b5
Size

454KB
Sample

220624-2m9pfsade9
MD5

87f19914a9966998a89839dbdc978d4f
SHA1

f7a14349ce4d889dac552451c91dddf7bc583245
SHA256

db627ff946ff64910cf909c81ae51294c4bb6477ee2c620aae1d0f7a7208b6b5
SHA512

6c25271d3a52c9f82c34789ed278a8b42565739eedb016cf622a7b488202d6b32bcab4d31edd2db500993b1a24a8debc2ec9e8f5270185ade362f8a28c89cf6b

Score

10^/10

Malware Config

Extracted

Family

phorphiex

C2

http://185.176.27.132/

Wallets

19mduWVW9QphW5W2caWF84wcGVSmASRYpf

qp5d3zpgldngtzf0xg2swnqaedfhn3kmsyhk7kp0yt

Xj2EfZ34QwSskhx4aRjWjGpLpMgNQWgYeV

DRkCr8Qum86fMBT3ceyzYBAGzD8pbRZmba

0xab1b250d67d08bf73ac864ea57af8cf762a29649

LVvqtuuqxcPbmqZ7VQju6kFTmQKZ58yXH2

t1dWznNU9rPvPLhmgUQTivyFYmCk4FhDKRc

Targets

- Target
  
  db627ff946ff64910cf909c81ae51294c4bb6477ee2c620aae1d0f7a7208b6b5
- Size
  
  454KB
- MD5
  
  87f19914a9966998a89839dbdc978d4f
- SHA1
  
  f7a14349ce4d889dac552451c91dddf7bc583245
- SHA256
  
  db627ff946ff64910cf909c81ae51294c4bb6477ee2c620aae1d0f7a7208b6b5
- SHA512
  
  6c25271d3a52c9f82c34789ed278a8b42565739eedb016cf622a7b488202d6b32bcab4d31edd2db500993b1a24a8debc2ec9e8f5270185ade362f8a28c89cf6b
Score

10^/10

phorphiex evasion loader persistence suricata trojan worm
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Phorphiex
  Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Phorphiex payload
- Windows security bypass
  evasion trojan
- suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

4

T1112

Disabling Security Tools

3

T1089

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Modifies Windows Defender Real-time Protection settings

Phorphiex payload

Windows security bypass

suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

Executes dropped EXE

Loads dropped DLL

Windows security modification

Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2