phoenix | 47e051f21f5dc9c2db736a28b20e0ba7a18dff61a21a98f04f4844a1e59ac13b | Triage

Submit
Reports

Overview

overview

Static

static

5

47e051f21f...3b.exe

windows7_x64

47e051f21f...3b.exe

windows10-2004_x64

Sharing

General

Target

47e051f21f5dc9c2db736a28b20e0ba7a18dff61a21a98f04f4844a1e59ac13b
Size

1.1MB
Sample

220714-fn254segam
MD5

6532fa3ba88fd39e3c3d0e4843b70af8
SHA1

b09c725fc85ee4342089122df8bf4efea8fa8d1a
SHA256

47e051f21f5dc9c2db736a28b20e0ba7a18dff61a21a98f04f4844a1e59ac13b
SHA512

15530f43cc76dde6725a6b14a4e1fecb51458232ed838e7183c4418a875afeecfdc767ae0c4a386ee5bc2af0060063c11106e89e256b09f6fd64151fededc6eb

Score

10^/10

phoenix collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

47e051f21f5dc9c2db736a28b20e0ba7a18dff61a21a98f04f4844a1e59ac13b.exe

Resource

win7-20220414-en

phoenix collection keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

47e051f21f5dc9c2db736a28b20e0ba7a18dff61a21a98f04f4844a1e59ac13b.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
bhavnatutor.com
Port:
587
Username:
testing@bhavnatutor.com
Password:
Onyeoba111

Targets

- Target
  
  47e051f21f5dc9c2db736a28b20e0ba7a18dff61a21a98f04f4844a1e59ac13b
- Size
  
  1.1MB
- MD5
  
  6532fa3ba88fd39e3c3d0e4843b70af8
- SHA1
  
  b09c725fc85ee4342089122df8bf4efea8fa8d1a
- SHA256
  
  47e051f21f5dc9c2db736a28b20e0ba7a18dff61a21a98f04f4844a1e59ac13b
- SHA512
  
  15530f43cc76dde6725a6b14a4e1fecb51458232ed838e7183c4418a875afeecfdc767ae0c4a386ee5bc2af0060063c11106e89e256b09f6fd64151fededc6eb
Score

10^/10

phoenix collection keylogger stealer
- Phoenix Keylogger
  Phoenix is a keylogger and info stealer first seen in July 2019.
  stealer keylogger phoenix
- Phoenix Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

phoenixcollectionkeyloggerstealer

behavioral2

© 2018-2024

Terms | Privacy