Extracted

• • Target

    bcb6b071f96c578d2262fc1559b8ee534fecfb47e9cee3096b3cde7576de99da

  • Size

    1.1MB

  • MD5

    df42c439132933e840bb989440b0db6d

  • SHA1

    80e66df85a64d4b88083fcfcd6a280a07ddbaa41

  • SHA256

    bcb6b071f96c578d2262fc1559b8ee534fecfb47e9cee3096b3cde7576de99da

  • SHA512

    15a80ca61db62f5c2c24ad1c87d1baae3a8ec247f66df64b03fe8ca3c154d5fd9fdc11db57675bfc56f3d194b16e75c5af1bd5d54b189e87605808d969bc3f6e

  Score

  10^/10

  phoenixcollectionkeyloggerstealer

  • Phoenix Keylogger

    Phoenix is a keylogger and info stealer first seen in July 2019.

    stealerkeyloggerphoenix

  • Phoenix Keylogger payload

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2