Overview

overview

10

Static

static

8

3dcb61c853...ba.exe

windows7_x64

10

3dcb61c853...ba.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3dcb61c8530dca57db103b359bfeef325b3495166ceff0c68449d597c4aa77ba

  • Size

    690KB

  • Sample

    220701-rtbqwshga2

  • MD5

    9614dbed925a368082a281ba77ec70b9

  • SHA1

    0b132697b64ef2c93efbb3443d135f733171d6aa

  • SHA256

    3dcb61c8530dca57db103b359bfeef325b3495166ceff0c68449d597c4aa77ba

  • SHA512

    abd11cd9a3a528dd194111fbd2a21052afc06f3c30117e4f81c0335cdf7537405d85f532b6a88c8cab3e875330a70677311b307a4ffa471c2f730a623c3bf5c3

Score
10/10
phoenixcollectionkeyloggerstealerupx

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    bhavnatutor.com
  • Port:
    587
  • Username:
    sales@bhavnatutor.com
  • Password:
    Onyeoba111

Targets

    • Target

      3dcb61c8530dca57db103b359bfeef325b3495166ceff0c68449d597c4aa77ba

    • Size

      690KB

    • MD5

      9614dbed925a368082a281ba77ec70b9

    • SHA1

      0b132697b64ef2c93efbb3443d135f733171d6aa

    • SHA256

      3dcb61c8530dca57db103b359bfeef325b3495166ceff0c68449d597c4aa77ba

    • SHA512

      abd11cd9a3a528dd194111fbd2a21052afc06f3c30117e4f81c0335cdf7537405d85f532b6a88c8cab3e875330a70677311b307a4ffa471c2f730a623c3bf5c3

    Score
    10/10
    phoenixcollectionkeyloggerstealerupx

    • Phoenix Keylogger

      Phoenix is a keylogger and info stealer first seen in July 2019.

      stealerkeyloggerphoenix

    • Phoenix Keylogger Payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks