phoenix | 5a60de044c16784f219f6c5500c105ef06bdc00975a1518a5a73f90ca2bdc68a | Triage

Submit
Reports

Overview

overview

Static

static

5a60de044c...8a.exe

windows7-x64

5a60de044c...8a.exe

windows10-2004-x64

7

Sharing

General

Target

5a60de044c16784f219f6c5500c105ef06bdc00975a1518a5a73f90ca2bdc68a
Size

122KB
Sample

220802-eaxssshdh2
MD5

1e3ea34762c6301233da7cb8c5e9c45f
SHA1

3d629e220c508ad7af102ef115d5eb3f3ec232f5
SHA256

5a60de044c16784f219f6c5500c105ef06bdc00975a1518a5a73f90ca2bdc68a
SHA512

8eab05ab8e033b1f1b20103a5da38a116e321a7f9344c26f6f8060865f4ef3e6ef1095aa0f2909f6ee1e9dca98f50dfbe7cd69cf2962f6dd59125fd80461759d

Score

10^/10

phoenix collection keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

5a60de044c16784f219f6c5500c105ef06bdc00975a1518a5a73f90ca2bdc68a.exe

Resource

win7-20220715-en

phoenix collection keylogger spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

5a60de044c16784f219f6c5500c105ef06bdc00975a1518a5a73f90ca2bdc68a.exe

Resource

win10v2004-20220721-en

collection spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  5a60de044c16784f219f6c5500c105ef06bdc00975a1518a5a73f90ca2bdc68a
- Size
  
  122KB
- MD5
  
  1e3ea34762c6301233da7cb8c5e9c45f
- SHA1
  
  3d629e220c508ad7af102ef115d5eb3f3ec232f5
- SHA256
  
  5a60de044c16784f219f6c5500c105ef06bdc00975a1518a5a73f90ca2bdc68a
- SHA512
  
  8eab05ab8e033b1f1b20103a5da38a116e321a7f9344c26f6f8060865f4ef3e6ef1095aa0f2909f6ee1e9dca98f50dfbe7cd69cf2962f6dd59125fd80461759d
Score

10^/10

phoenix collection keylogger spyware stealer
- Phoenix Keylogger
  Phoenix is a keylogger and info stealer first seen in July 2019.
  stealer keylogger phoenix
- Phoenix Keylogger payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

phoenixcollectionkeyloggerspywarestealer

behavioral2

collectionspywarestealer

© 2018-2024

Terms | Privacy