Overview

overview

10

Static

static

5

5cce8286de...b4.exe

windows7-x64

10

5cce8286de...b4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5cce8286de684ee70dde8e00233ae0be993706cea778c9994ac07de62292cfb4

  • Size

    1.1MB

  • Sample

    220801-fxfy8scddq

  • MD5

    afe41d9e0ccd4343775a83d86fb98897

  • SHA1

    978027f08dac0bb530893d02daddd28604196cb2

  • SHA256

    5cce8286de684ee70dde8e00233ae0be993706cea778c9994ac07de62292cfb4

  • SHA512

    82f8b48569075dcac5e97a7b86c6808169b14c9285020dc07bfdb3cf6917ceb1aed5aff57ddd0377a837710a99e18a819128caadccc1d133a96e7a2e03a501cf

Score
10/10
phoenixcollectionkeyloggerstealer

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    bhavnatutor.com
  • Port:
    587
  • Username:
    sales@bhavnatutor.com
  • Password:
    Onyeoba111

Targets

    • Target

      5cce8286de684ee70dde8e00233ae0be993706cea778c9994ac07de62292cfb4

    • Size

      1.1MB

    • MD5

      afe41d9e0ccd4343775a83d86fb98897

    • SHA1

      978027f08dac0bb530893d02daddd28604196cb2

    • SHA256

      5cce8286de684ee70dde8e00233ae0be993706cea778c9994ac07de62292cfb4

    • SHA512

      82f8b48569075dcac5e97a7b86c6808169b14c9285020dc07bfdb3cf6917ceb1aed5aff57ddd0377a837710a99e18a819128caadccc1d133a96e7a2e03a501cf

    Score
    10/10
    phoenixcollectionkeyloggerstealer

    • Phoenix Keylogger

      Phoenix is a keylogger and info stealer first seen in July 2019.

      stealerkeyloggerphoenix

    • Phoenix Keylogger payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks