phorphiex

General

Target

b21161366811a20b0ea91afb9d3559828aa2e1480455ef9b42afb01d1fff104f
Size

340KB
Sample

220701-f5bpgsdhdk
MD5

c73cff9e8afd69413185adb5b1ee319b
SHA1

fd0a136d08ede4cb79258252c423de43e1e6f961
SHA256

b21161366811a20b0ea91afb9d3559828aa2e1480455ef9b42afb01d1fff104f
SHA512

cd7196797b00d58bea070260b28824b6852c9f13d9791ee84123b0606d606bc51e2c605bd9a2508ad0cdc510403c77cc3b084bf7491f97892db1e4b093674a41

Score

10^/10

Malware Config

Extracted

Family

phorphiex

C2

http://193.32.161.73/

Wallets

1Bn4JYKoVgQpZ73doWVFSNZBbwKj3cpJNR

qqsagteh4m6qunmgrrknulafzcdlmzn35yeggvq8qk

Xt8ZtCcG9BFoc7NfUNBVnxcTvYT4mmzh5i

D7otx94yAiXMUuuff23v8PAYH5XpkdQ89M

0x05F916216CC4BA6ac89b8093d474E2a1e6121c63

LUMrZN6GTetcrXtzMmRayLpRN9JrCNcTe7

t1PVHo3JR9ZAxMxRXgTziGBeDwfb5Gwm64z

Targets

- Target
  
  b21161366811a20b0ea91afb9d3559828aa2e1480455ef9b42afb01d1fff104f
- Size
  
  340KB
- MD5
  
  c73cff9e8afd69413185adb5b1ee319b
- SHA1
  
  fd0a136d08ede4cb79258252c423de43e1e6f961
- SHA256
  
  b21161366811a20b0ea91afb9d3559828aa2e1480455ef9b42afb01d1fff104f
- SHA512
  
  cd7196797b00d58bea070260b28824b6852c9f13d9791ee84123b0606d606bc51e2c605bd9a2508ad0cdc510403c77cc3b084bf7491f97892db1e4b093674a41
Score

10^/10

phorphiex evasion loader persistence trojan worm
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Phorphiex
  Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Phorphiex payload
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Modifies Windows Defender Real-time Protection settings

Phorphiex payload

Windows security bypass

Executes dropped EXE

Loads dropped DLL

Windows security modification

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2