phorphiex

General

Target

d9edee0541b9a5baf2cb2b1915aef1d034efd4edd4b3c030b508669da1e2aaf2
Size

418KB
Sample

220625-ja18fabbgp
MD5

36a8bf060f86867226c4268b41965e48
SHA1

39aaf27ac2f3d346a181dc74fa4555da429580fe
SHA256

d9edee0541b9a5baf2cb2b1915aef1d034efd4edd4b3c030b508669da1e2aaf2
SHA512

ac39821cf66124393f9dcf42c0501f5c6a20ebd9cc6b5034ecf13f30e13ca8900efc738aa5d060545da8969dec5c46f7105d01ff27f4836e787268925b83bb47

Score

10^/10

Malware Config

Extracted

Family

phorphiex

C2

http://185.176.27.132/

Wallets

18bzpjFfo5JQ41GzzUNRMgcE7WwQwpqFrR

qzrlc85n7vu220yz2ev2vzdyanzpewfx4y9ntufhuz

XhEqUEiD1bLxA8mRePYqLSqzZfLXp1X74m

D6tmLUzcMLo6iMCjG8NCgTefkn5tw3L5Lm

0xab1b250d67d08bf73ac864ea57af8cf762a29649

LhGa2pRATCyusFbYRhJSoyXrx3om9Yxnca

t1ZaBJjdvxKaqTmNV2qjDVK3FtpLL73ZXcj

Targets

- Target
  
  d9edee0541b9a5baf2cb2b1915aef1d034efd4edd4b3c030b508669da1e2aaf2
- Size
  
  418KB
- MD5
  
  36a8bf060f86867226c4268b41965e48
- SHA1
  
  39aaf27ac2f3d346a181dc74fa4555da429580fe
- SHA256
  
  d9edee0541b9a5baf2cb2b1915aef1d034efd4edd4b3c030b508669da1e2aaf2
- SHA512
  
  ac39821cf66124393f9dcf42c0501f5c6a20ebd9cc6b5034ecf13f30e13ca8900efc738aa5d060545da8969dec5c46f7105d01ff27f4836e787268925b83bb47
Score

10^/10

phorphiex evasion loader persistence suricata trojan worm
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Phorphiex
  Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Phorphiex payload
- Windows security bypass
  evasion trojan
- suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

4

T1112

Disabling Security Tools

3

T1089

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Modifies Windows Defender Real-time Protection settings

Phorphiex payload

Windows security bypass

suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

Executes dropped EXE

Loads dropped DLL

Windows security modification

Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2