Overview

overview

10

Static

static

5

3a7e74024c...ee.exe

windows7_x64

10

3a7e74024c...ee.exe

windows10-2004_x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3a7e74024c233663dc9b627117a4df291f5a413cc829b5282f090941254365ee

  • Size

    1.1MB

  • Sample

    220625-d14hlaefh9

  • MD5

    f0a7a1ef68bf80596ec2048e4740cde2

  • SHA1

    31ea4c2649c0f7d6ac86e277aee377a149df38b0

  • SHA256

    3a7e74024c233663dc9b627117a4df291f5a413cc829b5282f090941254365ee

  • SHA512

    324510cffabe2dc6a26dc7f52c645bff2946fe0de70c04204af1d7f575833562bc352a3a87b7c3048247c4e777c0b0c094d95b1843a6d31f02dcc415cd7f0eea

Score
10/10
phoenixcollectionkeyloggerstealer

Malware Config

Targets

    • Target

      3a7e74024c233663dc9b627117a4df291f5a413cc829b5282f090941254365ee

    • Size

      1.1MB

    • MD5

      f0a7a1ef68bf80596ec2048e4740cde2

    • SHA1

      31ea4c2649c0f7d6ac86e277aee377a149df38b0

    • SHA256

      3a7e74024c233663dc9b627117a4df291f5a413cc829b5282f090941254365ee

    • SHA512

      324510cffabe2dc6a26dc7f52c645bff2946fe0de70c04204af1d7f575833562bc352a3a87b7c3048247c4e777c0b0c094d95b1843a6d31f02dcc415cd7f0eea

    Score
    10/10
    phoenixcollectionkeyloggerstealer

    • Phoenix Keylogger

      Phoenix is a keylogger and info stealer first seen in July 2019.

      stealerkeyloggerphoenix

    • Phoenix Keylogger Payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks