Malware Analysis Report

2024-09-22 15:24

Sample ID 220707-jmcqlshfa9
Target 7c6be662e016b02ac9e7a44966301ea70b365e5ca38d9ebb493544a186083349.bin
SHA256 7c6be662e016b02ac9e7a44966301ea70b365e5ca38d9ebb493544a186083349
Tags stealer phoenixstealer
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7c6be662e016b02ac9e7a44966301ea70b365e5ca38d9ebb493544a186083349

Threat Level: Known bad

The file 7c6be662e016b02ac9e7a44966301ea70b365e5ca38d9ebb493544a186083349.bin was found to be: Known bad.

Malicious Activity Summary

stealer phoenixstealer

Detect PhoenixStealer

Phoenixstealer family

PhoenixStealer

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2022-07-07 07:46

Signatures

Detect PhoenixStealer

stealer
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Phoenixstealer family

phoenixstealer

Analysis: behavioral1

Detonation Overview

Submitted

2022-07-07 07:46

Reported

2022-07-07 07:46

Platform

win7-20220414-en

Max time kernel

0s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7c6be662e016b02ac9e7a44966301ea70b365e5ca38d9ebb493544a186083349.exe"

Signatures

PhoenixStealer

stealer phoenixstealer

Processes

C:\Users\Admin\AppData\Local\Temp\7c6be662e016b02ac9e7a44966301ea70b365e5ca38d9ebb493544a186083349.exe

"C:\Users\Admin\AppData\Local\Temp\7c6be662e016b02ac9e7a44966301ea70b365e5ca38d9ebb493544a186083349.exe"

Network

N/A

Files

memory/2024-54-0x0000000076011000-0x0000000076013000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-07-07 07:46

Reported

2022-07-07 07:47

Platform

win10v2004-20220414-en

Max time kernel

1s

Max time network

5s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7c6be662e016b02ac9e7a44966301ea70b365e5ca38d9ebb493544a186083349.exe"

Signatures

PhoenixStealer

stealer phoenixstealer

Processes

C:\Users\Admin\AppData\Local\Temp\7c6be662e016b02ac9e7a44966301ea70b365e5ca38d9ebb493544a186083349.exe

"C:\Users\Admin\AppData\Local\Temp\7c6be662e016b02ac9e7a44966301ea70b365e5ca38d9ebb493544a186083349.exe"

Network

Country | Destination | Domain | Proto
US | 8.247.211.126:80 | | tcp

Files

N/A