Overview

overview

10

Static

static

5

8c30bfac41...05.exe

windows7_x64

10

8c30bfac41...05.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8c30bfac416e46c3d94fae4e59f4d927068d89bedbbe5800812acc4cb71ada05

  • Size

    3.0MB

  • Sample

    220701-glxchsgdg2

  • MD5

    37c7f7c71406fc30b6d0017d438ad5a4

  • SHA1

    c764777b62ab487bf787c520c19af292638cd5bd

  • SHA256

    8c30bfac416e46c3d94fae4e59f4d927068d89bedbbe5800812acc4cb71ada05

  • SHA512

    f243c6b9f00c66e991b9ba48943de2c659ed040a3986816c4d13748665aed6f578efc18a52986ba5c4250fad10012ae3826553c029b3de30ab7bfde86094081c

Score
10/10
phoenixcollectionkeyloggerstealer

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    silverlinehospital.in
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Bukky101@

Targets

    • Target

      8c30bfac416e46c3d94fae4e59f4d927068d89bedbbe5800812acc4cb71ada05

    • Size

      3.0MB

    • MD5

      37c7f7c71406fc30b6d0017d438ad5a4

    • SHA1

      c764777b62ab487bf787c520c19af292638cd5bd

    • SHA256

      8c30bfac416e46c3d94fae4e59f4d927068d89bedbbe5800812acc4cb71ada05

    • SHA512

      f243c6b9f00c66e991b9ba48943de2c659ed040a3986816c4d13748665aed6f578efc18a52986ba5c4250fad10012ae3826553c029b3de30ab7bfde86094081c

    Score
    10/10
    phoenixcollectionkeyloggerstealer

    • Phoenix Keylogger

      Phoenix is a keylogger and info stealer first seen in July 2019.

      stealerkeyloggerphoenix

    • Phoenix Keylogger Payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks