phorphiex

General

Target

3ecb650c471d7c8291d084fffd634da0eddc9a473d29792d5033fe5fdcbf4ddd
Size

400KB
Sample

220701-fsx2ysdchk
MD5

80f5f2296cae3bea63fc14a867d97dd4
SHA1

d3d87cc1e2f1d0df7ccc78e819fb58adc584caae
SHA256

3ecb650c471d7c8291d084fffd634da0eddc9a473d29792d5033fe5fdcbf4ddd
SHA512

163e2bd5fc1d85ddaa9aea7933ccde7e49733b256304695918c7ae2b6ff790235eeedba26a4a95c79554f924289d885f6796bd7136c46299c516ebdabb8eba1d

Score

10^/10

Malware Config

Extracted

Family

phorphiex

C2

http://185.176.27.132/

Wallets

13cQ2H6oszrEnvw1ZGdsPix9gUayB8tzNa

qr5pm4d27z250wpz4sfy08ytghxn56kryvsw5tdw99

XfrM8P9YWSg8mQTxSCCxyHUeQjMEGx8vnE

DSG5PddW9wu1eKdLcx4f3KBF4wUvaBFaGc

0x373b9854c9e4511b920372f5495640cdc25d6832

LSermtCTLWeS683x17AtYuhNT8MpMmVmi8

t1XgRHyGj6YDNqkS5EWwdcXG1rjQPFFdUsR

Targets

- Target
  
  3ecb650c471d7c8291d084fffd634da0eddc9a473d29792d5033fe5fdcbf4ddd
- Size
  
  400KB
- MD5
  
  80f5f2296cae3bea63fc14a867d97dd4
- SHA1
  
  d3d87cc1e2f1d0df7ccc78e819fb58adc584caae
- SHA256
  
  3ecb650c471d7c8291d084fffd634da0eddc9a473d29792d5033fe5fdcbf4ddd
- SHA512
  
  163e2bd5fc1d85ddaa9aea7933ccde7e49733b256304695918c7ae2b6ff790235eeedba26a4a95c79554f924289d885f6796bd7136c46299c516ebdabb8eba1d
Score

10^/10

phorphiex evasion loader persistence suricata trojan worm
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Phorphiex
  Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Phorphiex payload
- Windows security bypass
  evasion trojan
- suricata: ET MALWARE APT-C-23 Activity (GET)
  suricata: ET MALWARE APT-C-23 Activity (GET)
  suricata
- suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

4

T1112

Disabling Security Tools

3

T1089

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Modifies Windows Defender Real-time Protection settings

Phorphiex payload

Windows security bypass

suricata: ET MALWARE APT-C-23 Activity (GET)

suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

Executes dropped EXE

Loads dropped DLL

Windows security modification

Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2