phorphiex

General

Target

b65cdaaf688423fb0d3b02e18dfa814ebc6bc2e4637e8a40f9c64c802b7f219f
Size

368KB
Sample

220725-fatltafbhn
MD5

4edd5e53432ee2fde30e94e4887dec54
SHA1

6bb5c8be14d8da80f0f96c99fa2df3bb7124c965
SHA256

b65cdaaf688423fb0d3b02e18dfa814ebc6bc2e4637e8a40f9c64c802b7f219f
SHA512

28723099729b415b3af80922d7983fa07ba7bad88276d35ac9a481aed0e77f435bebb8460c6a8948068577ebda2d692e0622a2f9f181ded29475cb68e5d45eaa

Score

10^/10

Malware Config

Extracted

Family

phorphiex

C2

http://185.176.27.132/

Wallets

13cQ2H6oszrEnvw1ZGdsPix9gUayB8tzNa

qr5pm4d27z250wpz4sfy08ytghxn56kryvsw5tdw99

XfrM8P9YWSg8mQTxSCCxyHUeQjMEGx8vnE

DSG5PddW9wu1eKdLcx4f3KBF4wUvaBFaGc

0x373b9854c9e4511b920372f5495640cdc25d6832

LSermtCTLWeS683x17AtYuhNT8MpMmVmi8

t1XgRHyGj6YDNqkS5EWwdcXG1rjQPFFdUsR

Targets

- Target
  
  b65cdaaf688423fb0d3b02e18dfa814ebc6bc2e4637e8a40f9c64c802b7f219f
- Size
  
  368KB
- MD5
  
  4edd5e53432ee2fde30e94e4887dec54
- SHA1
  
  6bb5c8be14d8da80f0f96c99fa2df3bb7124c965
- SHA256
  
  b65cdaaf688423fb0d3b02e18dfa814ebc6bc2e4637e8a40f9c64c802b7f219f
- SHA512
  
  28723099729b415b3af80922d7983fa07ba7bad88276d35ac9a481aed0e77f435bebb8460c6a8948068577ebda2d692e0622a2f9f181ded29475cb68e5d45eaa
Score

10^/10

phorphiex evasion loader persistence suricata trojan worm
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Phorphiex
  Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Phorphiex payload
- Windows security bypass
  evasion trojan
- suricata: ET MALWARE APT-C-23 Activity (GET)
  suricata: ET MALWARE APT-C-23 Activity (GET)
  suricata
- suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

4

T1112

Disabling Security Tools

3

T1089

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Modifies Windows Defender Real-time Protection settings

Phorphiex payload

Windows security bypass

suricata: ET MALWARE APT-C-23 Activity (GET)

suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

Executes dropped EXE

Loads dropped DLL

Windows security modification

Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2