Extracted

• • Target

    smes.exe

  • Size

    1.1MB

  • MD5

    2c9f626447ae964cea8cc43daf078e70

  • SHA1

    e6f9fed713f822348c289ab37e1e559f6738865e

  • SHA256

    1650fa7dfd5cc553776b130e27195d407ab18a356773e0c4b471102764ef25dd

  • SHA512

    65ccfa2a7ad4167aa157ece29906411dc2a4dd45027520e89f1a29c3a4ef6315b404c8ecf3a54f7b7ab348635b813f0a96f762ba2633d4499f9a56eb53978449

  Score

  10^/10

  phoenixcollectionkeyloggerstealer

  • Phoenix Keylogger

    Phoenix is a keylogger and info stealer first seen in July 2019.

    stealerkeyloggerphoenix

  • Phoenix Keylogger payload

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2