phoenix | 6df263204ae5a0fa24825d78a280cabbc7c3f5288281b6ac770465807f22946f | Triage

Submit
Reports

Overview

overview

Static

static

5

6df263204a...6f.exe

windows7_x64

6df263204a...6f.exe

windows10-2004_x64

Sharing

General

Target

6df263204ae5a0fa24825d78a280cabbc7c3f5288281b6ac770465807f22946f
Size

1.1MB
Sample

220625-fxm3jsfecj
MD5

a88e79274795697c4b5d5e0bdfc4324f
SHA1

49181a79f3ce67411a954295d120c7dfadac4707
SHA256

6df263204ae5a0fa24825d78a280cabbc7c3f5288281b6ac770465807f22946f
SHA512

9a4038bdc2fc8118d93a151e4d891310dce8649652142713cc563e874125ab6fa6fc8cf344fdc7570bbda92650d5e43ea044d9523c361f40f5f139a1de2dce85

Score

10^/10

phoenix collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

6df263204ae5a0fa24825d78a280cabbc7c3f5288281b6ac770465807f22946f.exe

Resource

win7-20220414-en

phoenix collection keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

6df263204ae5a0fa24825d78a280cabbc7c3f5288281b6ac770465807f22946f.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
bhavnatutor.com
Port:
587
Username:
[email protected]
Password:
Onyeoba111

Targets

- Target
  
  6df263204ae5a0fa24825d78a280cabbc7c3f5288281b6ac770465807f22946f
- Size
  
  1.1MB
- MD5
  
  a88e79274795697c4b5d5e0bdfc4324f
- SHA1
  
  49181a79f3ce67411a954295d120c7dfadac4707
- SHA256
  
  6df263204ae5a0fa24825d78a280cabbc7c3f5288281b6ac770465807f22946f
- SHA512
  
  9a4038bdc2fc8118d93a151e4d891310dce8649652142713cc563e874125ab6fa6fc8cf344fdc7570bbda92650d5e43ea044d9523c361f40f5f139a1de2dce85
Score

10^/10

phoenix collection keylogger stealer
- Phoenix Keylogger
  Phoenix is a keylogger and info stealer first seen in July 2019.
  stealer keylogger phoenix
- Phoenix Keylogger Payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phoenixcollectionkeyloggerstealer

behavioral2

© 2018-2025

Terms | Privacy