General
-
Target
96336ed4f840c241ed216e7682d91ed9a4cc76dd56087956200fb88f4781ae9c
-
Size
125KB
-
Sample
220731-kg9c3aheap
-
MD5
66a5fa67f4aac1aed66d4c0a6b279f29
-
SHA1
383274b4899b61361806d199d44c95301a1d3472
-
SHA256
96336ed4f840c241ed216e7682d91ed9a4cc76dd56087956200fb88f4781ae9c
-
SHA512
de69ec0732b479988098e5be92dc5a3c50044fdd09931dd52f8118035e038c16b3eb982c9437ce62ee00c83c8a90c0081f266a5219ae7b843812e14342f92a08
Malware Config
Targets
-
-
Target
96336ed4f840c241ed216e7682d91ed9a4cc76dd56087956200fb88f4781ae9c
-
Size
125KB
-
MD5
66a5fa67f4aac1aed66d4c0a6b279f29
-
SHA1
383274b4899b61361806d199d44c95301a1d3472
-
SHA256
96336ed4f840c241ed216e7682d91ed9a4cc76dd56087956200fb88f4781ae9c
-
SHA512
de69ec0732b479988098e5be92dc5a3c50044fdd09931dd52f8118035e038c16b3eb982c9437ce62ee00c83c8a90c0081f266a5219ae7b843812e14342f92a08
Score10/10-
Phoenix Keylogger
Phoenix is a keylogger and info stealer first seen in July 2019.
-
Phoenix Keylogger payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-