Malware Analysis Report

2024-09-22 15:25

Sample ID 220707-jmlnhshfc4
Target Aer0 Spoofer - Stable .exe
SHA256 efc9deae21fc5b4c8ebfc3ecd56d62c5b5bf5f6cef0cfbdb250c3683f1e25eda
Tags: stealer, phoenixstealer
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256

efc9deae21fc5b4c8ebfc3ecd56d62c5b5bf5f6cef0cfbdb250c3683f1e25eda

Threat Level: Known bad

The file Aer0 Spoofer - Stable .exe was found to be: Known bad.

Malicious Activity Summary

stealer phoenixstealer

Detect PhoenixStealer

Phoenixstealer family

PhoenixStealer

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2022-07-07 07:47

Signatures

Detect PhoenixStealer

stealer
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Phoenixstealer family

phoenixstealer

Analysis: behavioral1

Detonation Overview

Submitted

2022-07-07 07:47

Reported

2022-07-07 07:47

Platform

win7-20220414-en

Max time kernel

0s

Max time network

0s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Aer0 Spoofer - Stable .exe"

Signatures

PhoenixStealer

stealer phoenixstealer

Processes

C:\Users\Admin\AppData\Local\Temp\Aer0 Spoofer - Stable .exe

"C:\Users\Admin\AppData\Local\Temp\Aer0 Spoofer - Stable .exe"

Network

Country | Destination | Domain | Proto
US | 93.184.220.29:80 | N/A | tcp

Files

memory/1052-54-0x0000000076C81000-0x0000000076C83000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-07-07 07:47

Reported

2022-07-07 07:47

Platform

win10v2004-20220414-en

Max time kernel

0s

Max time network

7s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Aer0 Spoofer - Stable .exe"

Signatures

PhoenixStealer

stealer phoenixstealer

Processes

C:\Users\Admin\AppData\Local\Temp\Aer0 Spoofer - Stable .exe

"C:\Users\Admin\AppData\Local\Temp\Aer0 Spoofer - Stable .exe"

Network

Files

N/A