phorphiex

General

Target

b21161366811a20b0ea91afb9d3559828aa2e1480455ef9b42afb01d1fff104f
Size

340KB
Sample

220701-f5bpgsdhdk
MD5

c73cff9e8afd69413185adb5b1ee319b
SHA1

fd0a136d08ede4cb79258252c423de43e1e6f961
SHA256

b21161366811a20b0ea91afb9d3559828aa2e1480455ef9b42afb01d1fff104f
SHA512

cd7196797b00d58bea070260b28824b6852c9f13d9791ee84123b0606d606bc51e2c605bd9a2508ad0cdc510403c77cc3b084bf7491f97892db1e4b093674a41

Score

10^/10

Malware Config

Extracted

Family

phorphiex

C2

http://193.32.161.73/

Wallets

1Bn4JYKoVgQpZ73doWVFSNZBbwKj3cpJNR

qqsagteh4m6qunmgrrknulafzcdlmzn35yeggvq8qk

Xt8ZtCcG9BFoc7NfUNBVnxcTvYT4mmzh5i

D7otx94yAiXMUuuff23v8PAYH5XpkdQ89M

0x05F916216CC4BA6ac89b8093d474E2a1e6121c63

LUMrZN6GTetcrXtzMmRayLpRN9JrCNcTe7

t1PVHo3JR9ZAxMxRXgTziGBeDwfb5Gwm64z

Targets

- Target
  
  b21161366811a20b0ea91afb9d3559828aa2e1480455ef9b42afb01d1fff104f
- Size
  
  340KB
- MD5
  
  c73cff9e8afd69413185adb5b1ee319b
- SHA1
  
  fd0a136d08ede4cb79258252c423de43e1e6f961
- SHA256
  
  b21161366811a20b0ea91afb9d3559828aa2e1480455ef9b42afb01d1fff104f
- SHA512
  
  cd7196797b00d58bea070260b28824b6852c9f13d9791ee84123b0606d606bc51e2c605bd9a2508ad0cdc510403c77cc3b084bf7491f97892db1e4b093674a41
Score

10^/10

phorphiex evasion loader persistence trojan worm
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Phorphiex
  Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Phorphiex payload
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

4

T1112

Disabling Security Tools

3

T1089

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Modifies Windows Defender Real-time Protection settings

Phorphiex payload

Windows security bypass

Executes dropped EXE

Loads dropped DLL

Windows security modification

Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2