Extracted

• • Target

    5cce8286de684ee70dde8e00233ae0be993706cea778c9994ac07de62292cfb4

  • Size

    1.1MB

  • MD5

    afe41d9e0ccd4343775a83d86fb98897

  • SHA1

    978027f08dac0bb530893d02daddd28604196cb2

  • SHA256

    5cce8286de684ee70dde8e00233ae0be993706cea778c9994ac07de62292cfb4

  • SHA512

    82f8b48569075dcac5e97a7b86c6808169b14c9285020dc07bfdb3cf6917ceb1aed5aff57ddd0377a837710a99e18a819128caadccc1d133a96e7a2e03a501cf

  Score

  10^/10

  phoenixcollectionkeyloggerstealer

  • Phoenix Keylogger

    Phoenix is a keylogger and info stealer first seen in July 2019.

    stealerkeyloggerphoenix

  • Phoenix Keylogger payload

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2