General

  • Target

    f4c71bb6e0a66271e2341c1b75468babee40a3fd382165b95dcf6ed47158a9dc

  • Size

    194KB

  • Sample

    221027-fgkmgsagd3

  • MD5

    15a768aba0d0fe9227f52c084bc76fe8

  • SHA1

    eb9dfeb45273817d5aa58161fb4ca990610a5e5a

  • SHA256

    f4c71bb6e0a66271e2341c1b75468babee40a3fd382165b95dcf6ed47158a9dc

  • SHA512

    45c2719c4790a0191e783d200aca4f9ce8abbeb4dd0ee66ddc74f97f9403033f5db1e6725d8392ca6dff2325817986df4379dcc9083a1ead68063650c2060d48

  • SSDEEP

    3072:vQ3YeQwyg4Yurc+CR5F7BcoWhkrF7ZHWAAfJcdD:vkYeQwp4YurJI5coWhaufJcd

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Phorphiex

      Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

    • Phorphiex payload

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6