phoenix | dcba6db4d94eaa0caff01673d47930c53d3ccd4fe793c09e12547ac5d53b2d0a | Triage

Submit
Reports

Overview

overview

Static

static

5

dcba6db4d9...0a.exe

windows7-x64

dcba6db4d9...0a.exe

windows10-2004-x64

Sharing

General

Target

dcba6db4d94eaa0caff01673d47930c53d3ccd4fe793c09e12547ac5d53b2d0a
Size

1.1MB
Sample

220731-fxt6vsaaf2
MD5

90f569dce5e7b2e2375f00feb6e183a2
SHA1

1d5388ab49868acc57f1e1e3bbbdb8b10204fba5
SHA256

dcba6db4d94eaa0caff01673d47930c53d3ccd4fe793c09e12547ac5d53b2d0a
SHA512

2cbc66a7aac5f72ff0cd40b5b486526786178d445d73efa612698636360a262b15ca3d5d3d62258a7bfe79cbda0532c20b9f55bae0eed533b932b9f34191c928

Score

10^/10

phoenix collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dcba6db4d94eaa0caff01673d47930c53d3ccd4fe793c09e12547ac5d53b2d0a.exe

Resource

win7-20220718-en

phoenix collection keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

dcba6db4d94eaa0caff01673d47930c53d3ccd4fe793c09e12547ac5d53b2d0a.exe

Resource

win10v2004-20220722-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
bhavnatutor.com
Port:
587
Username:
sales@bhavnatutor.com
Password:
Onyeoba111

Targets

- Target
  
  dcba6db4d94eaa0caff01673d47930c53d3ccd4fe793c09e12547ac5d53b2d0a
- Size
  
  1.1MB
- MD5
  
  90f569dce5e7b2e2375f00feb6e183a2
- SHA1
  
  1d5388ab49868acc57f1e1e3bbbdb8b10204fba5
- SHA256
  
  dcba6db4d94eaa0caff01673d47930c53d3ccd4fe793c09e12547ac5d53b2d0a
- SHA512
  
  2cbc66a7aac5f72ff0cd40b5b486526786178d445d73efa612698636360a262b15ca3d5d3d62258a7bfe79cbda0532c20b9f55bae0eed533b932b9f34191c928
Score

10^/10

phoenix collection keylogger stealer
- Phoenix Keylogger
  Phoenix is a keylogger and info stealer first seen in July 2019.
  stealer keylogger phoenix
- Phoenix Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

phoenixcollectionkeyloggerstealer

behavioral2

© 2018-2024

Terms | Privacy