phoenix | ddc1ca6b9cabf78dd490c8ac27ba16fdbf70dc481443e08d63c3a2edcbf6ad36 | Triage

Submit
Reports

Overview

overview

Static

static

5

ddc1ca6b9c...36.exe

windows7-x64

ddc1ca6b9c...36.exe

windows10-2004-x64

Sharing

General

Target

ddc1ca6b9cabf78dd490c8ac27ba16fdbf70dc481443e08d63c3a2edcbf6ad36
Size

1.1MB
Sample

220731-fxv36abahl
MD5

062320679a253df4d37961a6ce5b9870
SHA1

5e3d73c7d48d1b85deb28f1120e76a3a8fb683ae
SHA256

ddc1ca6b9cabf78dd490c8ac27ba16fdbf70dc481443e08d63c3a2edcbf6ad36
SHA512

fee1178d2155f147ad2d8b613dad35cd6323175c3bb20476a8a506ad68d0b05b6eb3d9779078554675bd420634aa82dd0bbf6205a222401625e2ff2419417f4d

Score

10^/10

phoenix collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ddc1ca6b9cabf78dd490c8ac27ba16fdbf70dc481443e08d63c3a2edcbf6ad36.exe

Resource

win7-20220718-en

phoenix collection keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

ddc1ca6b9cabf78dd490c8ac27ba16fdbf70dc481443e08d63c3a2edcbf6ad36.exe

Resource

win10v2004-20220721-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
silverlinehospital.in
Port:
587
Username:
biz@silverlinehospital.in
Password:
Bukky101@

Targets

- Target
  
  ddc1ca6b9cabf78dd490c8ac27ba16fdbf70dc481443e08d63c3a2edcbf6ad36
- Size
  
  1.1MB
- MD5
  
  062320679a253df4d37961a6ce5b9870
- SHA1
  
  5e3d73c7d48d1b85deb28f1120e76a3a8fb683ae
- SHA256
  
  ddc1ca6b9cabf78dd490c8ac27ba16fdbf70dc481443e08d63c3a2edcbf6ad36
- SHA512
  
  fee1178d2155f147ad2d8b613dad35cd6323175c3bb20476a8a506ad68d0b05b6eb3d9779078554675bd420634aa82dd0bbf6205a222401625e2ff2419417f4d
Score

10^/10

phoenix collection keylogger stealer
- Phoenix Keylogger
  Phoenix is a keylogger and info stealer first seen in July 2019.
  stealer keylogger phoenix
- Phoenix Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

phoenixcollectionkeyloggerstealer

behavioral2

© 2018-2024

Terms | Privacy