General

  • Target

    9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102

  • Size

    1.1MB

  • Sample

    220724-sjtpdsgean

  • MD5

    bf19b9d83c35f2a6a03365c3fcf4135d

  • SHA1

    e6ae36b4bde0d51215d33a4432a95fc3c2465a70

  • SHA256

    9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102

  • SHA512

    2cac488eb6359fc050b3a486b1052ed98bfb38d4e0d66e8c842600299e51c6602c2855e9732e7f5948ba6347ab41cd41510b0f84554321eb5db774ec4fe0160f

Malware Config

Targets

    • Phoenix Keylogger

      Phoenix is a keylogger and info stealer first seen in July 2019.

    • Phoenix Keylogger payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks