General

  • Target

    430b70e01fbcbd7a9bc603e708d94c45dbff0ffbe7d49fe77fc7e27651d788e3

  • Size

    1.4MB

  • Sample

    220708-aenngahfhp

  • MD5

    19985d9cf3390bfd2b4365a4c2626498

  • SHA1

    91c3f560a072a648d30d1fbcddc41f0c55379bbb

  • SHA256

    430b70e01fbcbd7a9bc603e708d94c45dbff0ffbe7d49fe77fc7e27651d788e3

  • SHA512

    871d9577cc1b16e8ba70c8ad796cac075061390c4760aff7ea6b09b034e3bf66cba757c54f6bc01fbe41d0d06a0ae636c376c25e731531490485af588348fadf

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    silverlinehospital.in
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Bukky101@

Targets

    • Target

      430b70e01fbcbd7a9bc603e708d94c45dbff0ffbe7d49fe77fc7e27651d788e3

    • Size

      1.4MB

    • MD5

      19985d9cf3390bfd2b4365a4c2626498

    • SHA1

      91c3f560a072a648d30d1fbcddc41f0c55379bbb

    • SHA256

      430b70e01fbcbd7a9bc603e708d94c45dbff0ffbe7d49fe77fc7e27651d788e3

    • SHA512

      871d9577cc1b16e8ba70c8ad796cac075061390c4760aff7ea6b09b034e3bf66cba757c54f6bc01fbe41d0d06a0ae636c376c25e731531490485af588348fadf

    • Phoenix Keylogger

      Phoenix is a keylogger and info stealer first seen in July 2019.

    • Phoenix Keylogger payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks