phoenix | bcb6b071f96c578d2262fc1559b8ee534fecfb47e9cee3096b3cde7576de99da | Triage

Submit
Reports

Overview

overview

Static

static

5

bcb6b071f9...da.exe

windows7-x64

bcb6b071f9...da.exe

windows10-2004-x64

Sharing

General

Target

bcb6b071f96c578d2262fc1559b8ee534fecfb47e9cee3096b3cde7576de99da
Size

1.1MB
Sample

220731-fxpldabafr
MD5

df42c439132933e840bb989440b0db6d
SHA1

80e66df85a64d4b88083fcfcd6a280a07ddbaa41
SHA256

bcb6b071f96c578d2262fc1559b8ee534fecfb47e9cee3096b3cde7576de99da
SHA512

15a80ca61db62f5c2c24ad1c87d1baae3a8ec247f66df64b03fe8ca3c154d5fd9fdc11db57675bfc56f3d194b16e75c5af1bd5d54b189e87605808d969bc3f6e

Score

10^/10

phoenix collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bcb6b071f96c578d2262fc1559b8ee534fecfb47e9cee3096b3cde7576de99da.exe

Resource

win7-20220718-en

phoenix collection keylogger stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

bcb6b071f96c578d2262fc1559b8ee534fecfb47e9cee3096b3cde7576de99da.exe

Resource

win10v2004-20220721-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
bhavnatutor.com
Port:
587
Username:
testing@bhavnatutor.com
Password:
Onyeoba111

Targets

- Target
  
  bcb6b071f96c578d2262fc1559b8ee534fecfb47e9cee3096b3cde7576de99da
- Size
  
  1.1MB
- MD5
  
  df42c439132933e840bb989440b0db6d
- SHA1
  
  80e66df85a64d4b88083fcfcd6a280a07ddbaa41
- SHA256
  
  bcb6b071f96c578d2262fc1559b8ee534fecfb47e9cee3096b3cde7576de99da
- SHA512
  
  15a80ca61db62f5c2c24ad1c87d1baae3a8ec247f66df64b03fe8ca3c154d5fd9fdc11db57675bfc56f3d194b16e75c5af1bd5d54b189e87605808d969bc3f6e
Score

10^/10

phoenix collection keylogger stealer
- Phoenix Keylogger
  Phoenix is a keylogger and info stealer first seen in July 2019.
  stealer keylogger phoenix
- Phoenix Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

phoenixcollectionkeyloggerstealer

behavioral2

© 2018-2024

Terms | Privacy