phoenixstealer | 22f9b8d8c35d88fc9c57cc4dc7f438fad69094dcb6cf15f58813c9e1928a43e7

Analysis

max time kernel
143s
max time network
148s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
26-11-2022 21:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

000005.exe
Size

1.4MB
MD5

f69b832184bb5f7830e65bfeeda9906d
SHA1

c5c8d20594de19fa7ddbc1210c894cc7aa0c63c9
SHA256

22f9b8d8c35d88fc9c57cc4dc7f438fad69094dcb6cf15f58813c9e1928a43e7
SHA512

e15ee68cd6213cb8c4f1d3d22d63236536452ca344de1b7fe07d7aeaa3012faae7cb0bb09be10c254e7209dccdb775cd5156295183567bcdf492339c2834a822
SSDEEP

24576:O4cbvV5X/VCSEEqxZE6KWH432T+1GBr+DeKPjlDIOtqHp+guHU4ESve:O4i7/VCS03H828DxPjlcO0+BHU4ESve

Score

10^/10

phoenixstealer stealer

Malware Config

Signatures

PhoenixStealer
PhoenixStealer is an information stealer written in the C++, it sends the stolen information to cybercriminals.
stealer phoenixstealer

Suspicious use of NtSetInformationThreadHideFromDebugger 15 IoCs

Processes:

000005.exe

pid	process
4580	000005.exe
4580	000005.exe
4580	000005.exe
4580	000005.exe
4580	000005.exe
4580	000005.exe
4580	000005.exe
4580	000005.exe
4580	000005.exe
4580	000005.exe
4580	000005.exe
4580	000005.exe
4580	000005.exe
4580	000005.exe
4580	000005.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

000005.exe

pid process

4580 000005.exe

C:\Users\Admin\AppData\Local\Temp\000005.exe
"C:\Users\Admin\AppData\Local\Temp\000005.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:4580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4580-117-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-118-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-119-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-120-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-121-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-122-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-123-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-124-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-125-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-126-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-127-0x0000000000870000-0x0000000000C64000-memory.dmp

Filesize
4.0MB

Download
memory/4580-128-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-129-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-130-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-131-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-132-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-133-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-134-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-135-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-136-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-137-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-138-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-139-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-140-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-141-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-142-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-143-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-144-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-145-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-146-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-148-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-147-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-149-0x0000000000870000-0x0000000000C64000-memory.dmp

Filesize
4.0MB

Download
memory/4580-150-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-151-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-152-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-153-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-154-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-155-0x0000000000870000-0x0000000000C64000-memory.dmp

Filesize
4.0MB

Download
memory/4580-156-0x0000000077450000-0x00000000775DE000-memory.dmp

Filesize
1.6MB

Download
memory/4580-157-0x0000000000870000-0x0000000000C64000-memory.dmp

Filesize
4.0MB

Download
memory/4580-158-0x0000000000870000-0x0000000000C64000-memory.dmp

Filesize
4.0MB

Download