phoenix | bce9a96a4a27ae4cdc4ffd84249b7e6e075810952120874f6dbebc39d586bb3e | Triage

Submit
Reports

Overview

overview

Static

static

bce9a96a4a...3e.exe

windows7-x64

bce9a96a4a...3e.exe

windows10-2004-x64

3

Sharing

General

Target

bce9a96a4a27ae4cdc4ffd84249b7e6e075810952120874f6dbebc39d586bb3e
Size

707KB
Sample

220731-hr4jfseecp
MD5

8583911291b5a5fa27f0930d403e8128
SHA1

a88e96b6c8cab8106c812b1aa3853f3c60c7f153
SHA256

bce9a96a4a27ae4cdc4ffd84249b7e6e075810952120874f6dbebc39d586bb3e
SHA512

d2740da3d3e95cdf01a685e70f85bf6445896c1005ab9da4f22bff6e0c57163d8ffbc6f23597622efa314b7a89c5a7c42f9bd991b96bfb03d4aec744f6b23663

Score

10^/10

phoenix collection keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

bce9a96a4a27ae4cdc4ffd84249b7e6e075810952120874f6dbebc39d586bb3e.exe

Resource

win7-20220715-en

phoenix collection keylogger spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

bce9a96a4a27ae4cdc4ffd84249b7e6e075810952120874f6dbebc39d586bb3e.exe

Resource

win10v2004-20220722-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  bce9a96a4a27ae4cdc4ffd84249b7e6e075810952120874f6dbebc39d586bb3e
- Size
  
  707KB
- MD5
  
  8583911291b5a5fa27f0930d403e8128
- SHA1
  
  a88e96b6c8cab8106c812b1aa3853f3c60c7f153
- SHA256
  
  bce9a96a4a27ae4cdc4ffd84249b7e6e075810952120874f6dbebc39d586bb3e
- SHA512
  
  d2740da3d3e95cdf01a685e70f85bf6445896c1005ab9da4f22bff6e0c57163d8ffbc6f23597622efa314b7a89c5a7c42f9bd991b96bfb03d4aec744f6b23663
Score

10^/10

phoenix collection keylogger spyware stealer
- Phoenix Keylogger
  Phoenix is a keylogger and info stealer first seen in July 2019.
  stealer keylogger phoenix
- Phoenix Keylogger payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phoenixcollectionkeyloggerspywarestealer

behavioral2

© 2018-2024

Terms | Privacy