General

  • Target

    d746e41e18bb637062881aca207186dc3d005e79c857e025f89ce2a1b3e52ecf

  • Size

    392KB

  • Sample

    220725-c9b92abea5

  • MD5

    712a19e062672ca95f393732f9250b6e

  • SHA1

    687c166c40697686aecd7c5dac972361f3362676

  • SHA256

    d746e41e18bb637062881aca207186dc3d005e79c857e025f89ce2a1b3e52ecf

  • SHA512

    33d5779bae56f7231f841f691ed4ae48641a80baedb5c262ec4b86605a44cd0f02512b514241a3c2d4788c527308dc974382bd3c4ab0af74fe2e064235ed0c65

Malware Config

Extracted

Family

phorphiex

C2

http://185.176.27.132/

Wallets

13cQ2H6oszrEnvw1ZGdsPix9gUayB8tzNa

qr5pm4d27z250wpz4sfy08ytghxn56kryvsw5tdw99

XfrM8P9YWSg8mQTxSCCxyHUeQjMEGx8vnE

DSG5PddW9wu1eKdLcx4f3KBF4wUvaBFaGc

0x373b9854c9e4511b920372f5495640cdc25d6832

LSermtCTLWeS683x17AtYuhNT8MpMmVmi8

t1XgRHyGj6YDNqkS5EWwdcXG1rjQPFFdUsR
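The hashes, C2 URL and wallet addresses above are all the report gives, so the most useful thing to do with them is turn them into a repeatable check. The following is an added example, not part of the sandbox output or of the malware itself: it hashes a file with the same four algorithms the report lists, looks for the C2 host in proxy-log lines, and looks for the extracted wallet addresses in free text. The report does not say how the wallet addresses are used by the sample, so they are treated purely as string indicators. The log lines and clipboard text in the block are constructed for the demonstration.

```python
"""Turn the indicators above into a reusable check: hash a file, look for the
C2 host in proxy-log lines and look for the wallet addresses in free text.
Added example; the indicators are copied from the report, the inputs are constructed."""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report above.
KNOWN_HASHES = {
    "md5": "712a19e062672ca95f393732f9250b6e",
    "sha1": "687c166c40697686aecd7c5dac972361f3362676",
    "sha256": "d746e41e18bb637062881aca207186dc3d005e79c857e025f89ce2a1b3e52ecf",
    "sha512": "33d5779bae56f7231f841f691ed4ae48641a80baedb5c262ec4b86605a44cd0f"
              "02512b514241a3c2d4788c527308dc974382bd3c4ab0af74fe2e064235ed0c65",
}
C2_URL = "http://185.176.27.132/"
WALLETS = [
    "13cQ2H6oszrEnvw1ZGdsPix9gUayB8tzNa",
    "qr5pm4d27z250wpz4sfy08ytghxn56kryvsw5tdw99",
    "XfrM8P9YWSg8mQTxSCCxyHUeQjMEGx8vnE",
    "DSG5PddW9wu1eKdLcx4f3KBF4wUvaBFaGc",
    "0x373b9854c9e4511b920372f5495640cdc25d6832",
    "LSermtCTLWeS683x17AtYuhNT8MpMmVmi8",
    "t1XgRHyGj6YDNqkS5EWwdcXG1rjQPFFdUsR",
]

# The C2 host must not match as a substring of a longer IP (e.g. 185.176.27.1320).
_C2_HOST = urlparse(C2_URL).hostname
_C2_RE = re.compile(r"(?<![\d.])" + re.escape(_C2_HOST) + r"(?![\d.])")
# Wallet strings are alphanumeric, so \b gives whole-token matching; the match is
# case-sensitive because base58 addresses are.
_WALLET_RE = re.compile(r"\b(" + "|".join(re.escape(w) for w in WALLETS) + r")\b")


def hash_bytes(data: bytes) -> dict:
    """Digest in-memory bytes with every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in KNOWN_HASHES}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same as hash_bytes, but streams the file so large samples fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in KNOWN_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def is_known_sample(digests: dict) -> bool:
    """True only if every listed hash matches. One hash would identify the file;
    requiring all four guards against a mistyped indicator."""
    return all(digests.get(algo) == value for algo, value in KNOWN_HASHES.items())


def find_c2_hits(log_lines) -> list:
    """Return the log lines that reference the C2 host."""
    return [line for line in log_lines if _C2_RE.search(line)]


def find_wallet_hits(text: str) -> list:
    """Return the sorted set of report wallet addresses present in text."""
    return sorted(set(_WALLET_RE.findall(text)))


# Constructed sample inputs (not from the sandbox run): one true hit, one decoy each.
SAMPLE_PROXY_LOG = [
    "2022-07-25 10:01:12 10.0.0.15 GET http://185.176.27.132/ 200",
    "2022-07-25 10:01:13 10.0.0.15 GET https://www.example.com/ 200",
    "2022-07-25 10:01:14 10.0.0.16 GET http://185.176.27.1320/ 200",
]
SAMPLE_CLIPBOARD = (
    "pay 13cQ2H6oszrEnvw1ZGdsPix9gUayB8tzNa or "
    "0x373b9854c9e4511b920372f5495640cdc25d6832 "
    "(not 13cQ2H6oszrEnvw1ZGdsPix9gUayB8tzNaX)"
)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print("known sample:", is_known_sample(hash_file(sys.argv[1])))
    print("C2 hits:", find_c2_hits(SAMPLE_PROXY_LOG))
    print("wallet hits:", find_wallet_hits(SAMPLE_CLIPBOARD))
```

Run it with a file path to compare that file against the report's hashes; without arguments it only exercises the C2 and wallet matching on the constructed inputs. The boundary guards in both regexes matter more than they look: a bare substring search on the C2 IP or a wallet address will fire on longer tokens that merely contain the indicator.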

Targets

    • Target

      d746e41e18bb637062881aca207186dc3d005e79c857e025f89ce2a1b3e52ecf

    • Size

      392KB

    • MD5

      712a19e062672ca95f393732f9250b6e

    • SHA1

      687c166c40697686aecd7c5dac972361f3362676

    • SHA256

      d746e41e18bb637062881aca207186dc3d005e79c857e025f89ce2a1b3e52ecf

    • SHA512

      33d5779bae56f7231f841f691ed4ae48641a80baedb5c262ec4b86605a44cd0f02512b514241a3c2d4788c527308dc974382bd3c4ab0af74fe2e064235ed0c65

    • Modifies Windows Defender Real-time Protection settings

    • Phorphiex

      Malware family that infects systems in order to distribute other malicious payloads, such as ransomware, stealers and cryptominers.

    • Phorphiex payload

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks