phoenix | d78a0419df93d26fedc18cda51b7f76900d640ffc9909ce98f60362d1a3d3bd1 | Triage

Submit
Reports

Overview

overview

Static

static

5

d78a0419df...d1.exe

windows7-x64

d78a0419df...d1.exe

windows10-2004-x64

Sharing

General

Target

d78a0419df93d26fedc18cda51b7f76900d640ffc9909ce98f60362d1a3d3bd1
Size

1.1MB
Sample

220724-sjsr4ageam
MD5

0e7f46ad37f486ea26e6987f6022ee71
SHA1

18e3ef5b22ad2a046aac7b473fa02c9c6611a7bd
SHA256

d78a0419df93d26fedc18cda51b7f76900d640ffc9909ce98f60362d1a3d3bd1
SHA512

c22364a850add02a88baf2a8ad719b15b6cf2d3cc8d4d0859ece1a6968a90656d72da0abf159406fb7af42462c4d0e2bb22aa54d0475bb74a7f68bf8009d7e14

Score

10^/10

phoenix collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d78a0419df93d26fedc18cda51b7f76900d640ffc9909ce98f60362d1a3d3bd1.exe

Resource

win7-20220715-en

phoenix collection keylogger stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

d78a0419df93d26fedc18cda51b7f76900d640ffc9909ce98f60362d1a3d3bd1.exe

Resource

win10v2004-20220721-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
bhavnatutor.com
Port:
587
Username:
sales@bhavnatutor.com
Password:
Onyeoba111

Targets

- Target
  
  d78a0419df93d26fedc18cda51b7f76900d640ffc9909ce98f60362d1a3d3bd1
- Size
  
  1.1MB
- MD5
  
  0e7f46ad37f486ea26e6987f6022ee71
- SHA1
  
  18e3ef5b22ad2a046aac7b473fa02c9c6611a7bd
- SHA256
  
  d78a0419df93d26fedc18cda51b7f76900d640ffc9909ce98f60362d1a3d3bd1
- SHA512
  
  c22364a850add02a88baf2a8ad719b15b6cf2d3cc8d4d0859ece1a6968a90656d72da0abf159406fb7af42462c4d0e2bb22aa54d0475bb74a7f68bf8009d7e14
Score

10^/10

phoenix collection keylogger stealer
- Phoenix Keylogger
  Phoenix is a keylogger and info stealer first seen in July 2019.
  stealer keylogger phoenix
- Phoenix Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

phoenixcollectionkeyloggerstealer

behavioral2

© 2018-2024

Terms | Privacy