General

  • Target

    a0e191d34fcd7c11b12b0ea4ac3b5e7e.exe

  • Size

    9KB

  • Sample

    220817-rf46aagedr

  • MD5

    a0e191d34fcd7c11b12b0ea4ac3b5e7e

  • SHA1

    5372863051ffd26cf070b178d76827a4df50cdf6

  • SHA256

    4be45155e4f00c417a85688e2d31587ee82fe60dfc5c81a7c901ea703a179017

  • SHA512

    5d80f08a7b5970e8744e624f2c2825a75c74b9ff9b5ecd89578eba05df46ad9ee27b0fffe8e97dfc47d5f5b7512da2af740a9ac484e6123d54fdc954847457ea

  • SSDEEP

    192:E1KNvQCVNIsbKPP1oynfUBNs1Fu669tk2Ha:E8NoCVNLk1BUBN6F96s

Malware Config

Extracted

Family

phorphiex

C2

http://185.215.113.66/twizt/

Wallets

12SJv5p8xUHeiKnXPCDaKCMpqvXj7TABT5BSxGt3csz9Beuc

1A6utf8R2zfLL7X31T5QRHdQyAx16BjdFD

3PFzu8Rw8aDNhDT6d5FMrZ3ckE4dEHzogfg

3BJS4zYwrnfcJMm4xLxRcsa69ght8n6QWz

qpzj59cm0dcyxy9597x927fx0wzu75nns5lsm2452k

XgWbWpuyPGney7hcS9vZ7eNhkj7WcvGcj8

DPcSSyFAYLu4aEB4s1Yotb8ANwtx6bZEQG

0xb899fC445a1b61Cdd62266795193203aa72351fE

LRDpmP5wHZ82LZimzWDLHVqJPDSpkM1gZ7

r1eZ7W1fmUT9tiUZwK6rr3g6RNiE4QpU1

TBdEh7r35ywUD5omutc2kDTX7rXhnFkxy5

t1T7mBRBgTYPEL9RPPBnAVgcftiWUPBFWyy

AGUqhQzF52Qwbvun5wQSrpokPtCC4b9yiX

bitcoincash:qpzj59cm0dcyxy9597x927fx0wzu75nns5lsm2452k

4AtjkCVKbtEC3UEN77SQHuH9i1XkzNiRi5VCbA2XGsJh46nJSXfGQn4GjLuupCqmC57Lo7LvKmFUyRfhtJSvKvuw3h9ReKK

GCVFMTUKNLFBGHE3AHRJH4IJDRZGWOJ6JD2FQTFQAAIQR64ALD7QJHUY

bnb1rcg9mnkzna2tw4u8ughyaj6ja8feyj87hss9ky

bc1qzs2hs5dvyx04h0erq4ea72sctcre2rcwadsq2v

Targets

    • Target

      a0e191d34fcd7c11b12b0ea4ac3b5e7e.exe

    • Size

      9KB

    • MD5

      a0e191d34fcd7c11b12b0ea4ac3b5e7e

    • SHA1

      5372863051ffd26cf070b178d76827a4df50cdf6

    • SHA256

      4be45155e4f00c417a85688e2d31587ee82fe60dfc5c81a7c901ea703a179017

    • SHA512

      5d80f08a7b5970e8744e624f2c2825a75c74b9ff9b5ecd89578eba05df46ad9ee27b0fffe8e97dfc47d5f5b7512da2af740a9ac484e6123d54fdc954847457ea

    • SSDEEP

      192:E1KNvQCVNIsbKPP1oynfUBNs1Fu669tk2Ha:E8NoCVNLk1BUBN6F96s

    • Phorphiex

      Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

    • Windows security bypass

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks