Malware Analysis Report

2024-09-22 15:24

Sample ID 220825-yrm5gaacan
Target Aimware.exe
SHA256 51dc6776b701b58d659f6bc4e63a4ba9e4513032c42673599d921214998fae31
Tags phoenixstealer, stealer
Score 10/10


Analysis Overview

Score 10/10

SHA256 51dc6776b701b58d659f6bc4e63a4ba9e4513032c42673599d921214998fae31

Threat Level: Known bad

The file Aimware.exe was found to be: Known bad.

Malicious Activity Summary

Family: PhoenixStealer (tags: phoenixstealer, stealer)

Signatures:

PhoenixStealer

Suspicious use of SetThreadContext

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

SetThreadContext and WriteProcessMemory firing together are the footprint of writing a payload into another process and pointing one of its threads at it; EnumeratesProcesses is weak on its own but fits a stealer taking inventory of the host. The report does not say which process received the write; see the process list under behavioral1.

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2022-08-25 20:01

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-08-25 20:01

Reported

2022-08-25 20:02

Platform

win10v2004-20220812-en

Max time kernel

64s

Max time network

69s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Aimware.exe"

Signatures

The signatures listed in the Malicious Activity Summary are attributed to this detonation; the static1 pass reports none.

Processes

C:\Users\Admin\AppData\Local\Temp\Aimware.exe
    "C:\Users\Admin\AppData\Local\Temp\Aimware.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

AppLaunch.exe is the signed .NET Framework application launcher. Started with an empty command line, as here, it does nothing useful on its own, which is exactly why .NET stealers favour it as a host for process hollowing: the injected payload then runs under a trusted Microsoft path. Read together with the SetThreadContext and WriteProcessMemory signatures, this is the most telling entry in the report. The rundll32.exe line is the standard shell32 COM local-server activation (SHCreateLocalServerRunDll ... -Embedding) that Windows starts on its own; nothing in the report links it to the sample, so treat it as background noise unless other evidence ties it in.

Network

Country  Destination            Domain                                                  Proto
US       93.184.220.29:80       -                                                       tcp
US       209.197.3.8:80         -                                                       tcp
US       209.197.3.8:80         -                                                       tcp
US       209.197.3.8:80         -                                                       tcp
US       204.79.197.200:443     -                                                       tcp
US       8.8.8.8:53             bing.com                                                udp
US       13.107.21.200:443      bing.com                                                tcp
US       8.8.8.8:53             moiawsorigin.clo.footprintdns.com                       udp
US       8.8.8.8:53             moiawsorigin.clo.footprintdns.com                       udp
US       209.197.3.8:80         -                                                       tcp
US       209.197.3.8:80         -                                                       tcp
US       8.8.8.8:53             q-ring.msedge.net                                       udp
US       13.107.49.254:443      q-ring.msedge.net                                       tcp
US       8.8.8.8:53             abae82b430617a96cb0635a0c4fc44a4.clo.footprintdns.com   udp
US       8.8.8.8:53             am2prdapp01-canary.cloudapp.net                         udp
RU       95.142.46.35:6666      -                                                       tcp

A dash marks a connection for which the sandbox recorded no domain. Every resolved name above (bing.com, footprintdns.com, msedge.net, cloudapp.net) is Microsoft-owned and all DNS goes to the sandbox resolver 8.8.8.8; that is ordinary Windows 10 background noise. The unresolved port-80/443 connections are likely baseline traffic too, but the report does not name them, so verify before discarding. The one entry that does not fit is the TCP connection to 95.142.46.35 on port 6666 in RU: direct-to-IP, non-standard port, and a different country from everything else. It is the destination to pivot on first, but the report does not label it as C2, so record it as the sample's suspected remote endpoint rather than as confirmed infrastructure.
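The triage described above, as an added example that is not part of the report and not the sandbox's own logic. The rows are copied from the table; the baseline list of Microsoft domains and public resolvers, the scoring weights and the pivot threshold are assumptions of this example, to be tuned to your own golden image.

```python
"""Triage of the behavioral1 network table.

Added example: not part of the report and not the sandbox's own logic.
The 16 rows are copied from the table above; the baseline list of
Microsoft domains and public resolvers, the scoring weights and the
pivot threshold are this example's own assumptions.
"""
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Rows as printed in the report (Country, Destination, [Domain], Proto).
REPORT_ROWS = """
US 93.184.220.29:80 tcp
US 209.197.3.8:80 tcp
US 209.197.3.8:80 tcp
US 209.197.3.8:80 tcp
US 204.79.197.200:443 tcp
US 8.8.8.8:53 bing.com udp
US 13.107.21.200:443 bing.com tcp
US 8.8.8.8:53 moiawsorigin.clo.footprintdns.com udp
US 8.8.8.8:53 moiawsorigin.clo.footprintdns.com udp
US 209.197.3.8:80 tcp
US 209.197.3.8:80 tcp
US 8.8.8.8:53 q-ring.msedge.net udp
US 13.107.49.254:443 q-ring.msedge.net tcp
US 8.8.8.8:53 abae82b430617a96cb0635a0c4fc44a4.clo.footprintdns.com udp
US 8.8.8.8:53 am2prdapp01-canary.cloudapp.net udp
RU 95.142.46.35:6666 tcp
"""

# Assumption: what a stock Windows 10 sandbox image talks to on its own.
BASELINE_DOMAIN_SUFFIXES = ("bing.com", "footprintdns.com", "msedge.net", "cloudapp.net")
BASELINE_RESOLVERS = {"8.8.8.8"}
COMMON_PORTS = {53, 80, 443}
PIVOT_THRESHOLD = 3  # score at or above which a destination becomes an indicator


@dataclass
class Conn:
    country: str
    ip: str
    port: int
    proto: str
    domain: Optional[str] = None


@dataclass
class Verdict:
    conn: Conn
    score: int = 0
    reasons: List[str] = field(default_factory=list)


def parse_rows(text: str) -> List[Conn]:
    """Parse the flattened table; a 3-token row carries no domain."""
    conns = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) not in (3, 4):
            continue
        country, dest, proto = parts[0], parts[1], parts[-1]
        domain = parts[2] if len(parts) == 4 else None
        ip, port = dest.rsplit(":", 1)
        conns.append(Conn(country, ip, int(port), proto, domain))
    return conns


def in_baseline(c: Conn) -> bool:
    """DNS to the sandbox resolver, or a connection with a Microsoft-owned name."""
    if c.port == 53 and c.ip in BASELINE_RESOLVERS:
        return True
    return c.domain is not None and c.domain.endswith(BASELINE_DOMAIN_SUFFIXES)


def triage(conns: List[Conn]) -> List[Verdict]:
    """One verdict per distinct (ip, port, proto), highest score first."""
    hits = Counter((c.ip, c.port, c.proto) for c in conns)
    verdicts = {}
    for c in conns:
        key = (c.ip, c.port, c.proto)
        if key in verdicts:
            continue
        v = Verdict(c)
        if not in_baseline(c):
            if c.port not in COMMON_PORTS:
                v.score += 3
                v.reasons.append(f"non-standard port {c.port}")
            if c.domain is None and c.port != 53:
                v.score += 1
                v.reasons.append("direct-to-IP, no resolved domain")
            if c.country != "US":  # the sandbox and all baseline traffic sit in US
                v.score += 1
                v.reasons.append(f"geolocated to {c.country}")
            if hits[key] > 1:
                v.reasons.append(f"{hits[key]} connections")
        verdicts[key] = v
    return sorted(verdicts.values(), key=lambda v: -v.score)


def indicators(verdicts: List[Verdict], threshold: int = PIVOT_THRESHOLD) -> List[str]:
    """Destinations worth pivoting on, as ip:port/proto strings."""
    return [f"{v.conn.ip}:{v.conn.port}/{v.conn.proto}" for v in verdicts if v.score >= threshold]


if __name__ == "__main__":
    for v in triage(parse_rows(REPORT_ROWS)):
        print(f"{v.score:2d} {v.conn.ip}:{v.conn.port}/{v.conn.proto} "
              f"{v.conn.domain or '-'} {'; '.join(v.reasons)}")
```

Run as-is it ranks 95.142.46.35:6666/tcp alone at the top; the three unresolved port-80/443 destinations score one point each for having no name, which is the right place for them: not discarded, not yet an indicator.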

Files

memory/202336-132-0x0000000000000000-mapping.dmp

memory/202336-133-0x0000000000400000-0x000000000048E000-memory.dmp

memory/202336-140-0x0000000000400000-0x000000000048E000-memory.dmp

Dump names follow memory/<pid>-<sequence>-<start>-<end>-<kind>.dmp. All three belong to PID 202336; the report does not say which of the listed processes that is. The two region dumps both cover 0x00400000-0x0048E000, 0x8E000 (581632) bytes starting at the default image base of a 32-bit executable, which is the shape of a complete PE image captured from a process. Given the SetThreadContext/WriteProcessMemory signatures, that region is the first thing to carve and scan. The mapping entry carries no address range.
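The hollowing read of the Processes and Files sections, as an added example that is not the sandbox's own signature logic. The three command lines and the dump file names come from the report; the process IDs, parent links and Sysmon-style event layout are constructed here, and assigning PID 202336 to AppLaunch.exe is an assumption the report does not make, made only to show the join between process events and memory dumps.

```python
"""Hollowing heuristics over process-creation events plus sandbox memory dumps.

Added example, not the sandbox's own signature logic. The command lines and
dump names are from the report above; PIDs, parent links and the event layout
(Sysmon Event ID 1 style) are constructed, and PID 202336 = AppLaunch.exe is
an assumption the report does not make.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumption: signed Microsoft binaries commonly used as hollowing hosts by .NET stealers.
HOLLOW_HOSTS = {"applaunch.exe", "regasm.exe", "regsvcs.exe", "installutil.exe", "msbuild.exe"}
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\downloads\\", "\\users\\public\\")
DEFAULT_IMAGE_BASE = 0x400000  # default base of a 32-bit PE; a region dumped from here looks like a whole image

DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-fA-F]+)"
    r"(?:-0x(?P<end>[0-9a-fA-F]+))?-(?P<kind>mapping|memory)\.dmp$"
)


@dataclass
class ProcEvent:
    pid: int
    image: str
    cmdline: str
    parent_pid: Optional[int]
    parent_image: Optional[str]


@dataclass
class Dump:
    pid: int
    seq: int
    start: int
    end: Optional[int]
    kind: str


def parse_dump_name(name: str) -> Dump:
    """Split memory/<pid>-<seq>-<start>[-<end>]-<kind>.dmp into its fields."""
    m = DUMP_RE.search(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    end = int(m["end"], 16) if m["end"] else None
    return Dump(int(m["pid"]), int(m["seq"]), int(m["start"], 16), end, m["kind"])


def has_no_arguments(cmdline: str) -> bool:
    """True when the command line is only the (possibly quoted) image path."""
    s = cmdline.strip()
    if s.startswith('"'):
        close = s.find('"', 1)
        return close != -1 and s[close + 1:].strip() == ""
    return len(s.split()) == 1


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def hollowing_findings(events: List[ProcEvent], dumps: List[Dump]) -> List[Tuple[int, str, List[str]]]:
    """Flag known hollowing hosts started with no arguments; escalate on parent path and dumps."""
    dumps_by_pid = {}
    for d in dumps:
        dumps_by_pid.setdefault(d.pid, []).append(d)
    findings = []
    for e in events:
        reasons = []
        if basename(e.image) in HOLLOW_HOSTS and has_no_arguments(e.cmdline):
            reasons.append("known hollowing host started with no arguments")
            if e.parent_image and any(p in e.parent_image.lower() for p in USER_WRITABLE):
                reasons.append(f"parent {e.parent_image} runs from a user-writable path")
            for d in dumps_by_pid.get(e.pid, []):
                if d.kind == "memory" and d.start == DEFAULT_IMAGE_BASE and d.end:
                    reasons.append(f"dumped region 0x{d.start:X}-0x{d.end:X} "
                                   f"({d.end - d.start} bytes) at the default image base")
                    break
        if reasons:
            findings.append((e.pid, basename(e.image), reasons))
    return findings


# Constructed events: command lines from the report, PIDs and parents assumed.
EVENTS = [
    ProcEvent(4120, r"C:\Users\Admin\AppData\Local\Temp\Aimware.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\Aimware.exe"', 5000, r"C:\Windows\explorer.exe"),
    ProcEvent(202336, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe",
              r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"',
              4120, r"C:\Users\Admin\AppData\Local\Temp\Aimware.exe"),
    ProcEvent(6012, r"C:\Windows\System32\rundll32.exe",
              r"C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll "
              r"{9aa46009-3ce0-458a-a354-715610a075e6} -Embedding", 900, r"C:\Windows\System32\svchost.exe"),
]
DUMPS = [parse_dump_name(n) for n in (
    "memory/202336-132-0x0000000000000000-mapping.dmp",
    "memory/202336-133-0x0000000000400000-0x000000000048E000-memory.dmp",
    "memory/202336-140-0x0000000000400000-0x000000000048E000-memory.dmp",
)]

if __name__ == "__main__":
    for pid, image, reasons in hollowing_findings(EVENTS, DUMPS):
        print(pid, image, *reasons, sep="\n  ")
```

The rundll32 event falls through untouched because its command line carries arguments and the image is not on the host list; only the AppLaunch.exe event is returned, with all three escalations. In production the PID join is what makes the difference between "AppLaunch.exe ran" and "a full image sits at 0x400000 in AppLaunch.exe", so feed real PIDs rather than the assumed ones here.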