General

  • Target: ce8b46fe16021f65d5098ec9330b47aad163072a9b2ae4ae6f3a1cd5629adbcc
  • Size: 318KB
  • Sample: 220731-fjm6dsabal
  • MD5: 518c5cb213e1f22ee55fec3a22a0cab7
  • SHA1: 3ecfc50dae59b216f4ab99a8c0262ff2a7bb3bba
  • SHA256: ce8b46fe16021f65d5098ec9330b47aad163072a9b2ae4ae6f3a1cd5629adbcc
  • SHA512: 9caa7aa7ee34b9fd8065d02e5266f6c22e29e13d2aec53727a99e0335bfbc4828b2266bc92239d4c95bc09de62244baf2b64e4f0c9491b91fe5377fd4d02257f

Malware Config

Extracted

Family

phorphiex

C2

http://193.32.161.73/

Wallets


Targets

    • Modifies Windows Defender Real-time Protection settings

    • Phorphiex

      Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

    • Phorphiex payload

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks