phorphiex | 5c8d519b601447d102fc9b2f83b894bf15939506a3ad8aa53fa535de36121ce7 | Triage

Sharing

General

Target

459c987558d3380fca8c840549f83111.exe
Size

6KB
Sample

230122-v1zyvaae5w
MD5

459c987558d3380fca8c840549f83111
SHA1

7433000eeb78f9ae908e11eb67e9391622e7e5b8
SHA256

5c8d519b601447d102fc9b2f83b894bf15939506a3ad8aa53fa535de36121ce7
SHA512

86147b76ed3b41897771061e5451aafd5f729dd212eae868b81a8dc487f7cbcc6e6f8687b72d4e714d4a7f43f6b7f49b627b9e7df1d81c7cc4cfd2b9c13d63f4
SSDEEP

96:esd1t761bndKil7aBcxu0PtboynuYUBtCt:Jt7Yb975u0P1oynfUBM

Score

10^/10

phorphiex evasion loader persistence spyware stealer trojan worm

Malware Config

Extracted

Family

phorphiex

C2

http://185.215.113.66/

Wallets

1Gpu5QiBqsquu71AGqHwb4Y68iwnkdGH1k

3PPJU1omRSTwxDbbfVyxh9Mm8WkiMGZviMh

37AcEVDyoPyUJUKNM3mM1UxNNvKgN6Abn5

qqlt9zzv020vtlswk5v6e90nv7hsuqz0nggp4rj5t0

Xj6orHUgmtZtPb2wGSTX2reQZJ89ZeeYYG

DRyZQqRX998DYdf7zGdTCShGcRBbxjUAbF

0x25229D09B0048F23e60c010C8eE1ae65C727e973

LhoapQ1TFjG2Fvbwn5WbM2wYcwisKRVz7x

r3j2xjQLmVa6Cg3cHZLqLNVja1x6g1AtNL

TVTrpva4J2g8SENebPar4YnfnCqwUeiX4a

t1MrdY4n3DBL3uip5Pq6tqx4doYpihJJG68

AXUqtUXyQmU8buqL5ehCLuLLHhhFrREXuw

bitcoincash:qqlt9zzv020vtlswk5v6e90nv7hsuqz0nggp4rj5t0

48jYpFT6bT8MTeph7VsyzCQeDsGHqdQNc2kUkRFJPzfRHHjarBvBtudPUtParMkDzZbYBrd3yntWBQcsnVBNeeMbN9EXifg

GDX4NDGHA5WKQLOI65PKPZRHSN6ZAUBRHA7BL44O5IOVMMZFZISMHTUD

bnb1zm5y3pns0ertprnvdyulz63tenlp9kc4m78v0m

bc1qdk0fquc7ug2zn7zpdyx4kasdy34t00c5r2xdup

Targets

- Target
  
  459c987558d3380fca8c840549f83111.exe
- Size
  
  6KB
- MD5
  
  459c987558d3380fca8c840549f83111
- SHA1
  
  7433000eeb78f9ae908e11eb67e9391622e7e5b8
- SHA256
  
  5c8d519b601447d102fc9b2f83b894bf15939506a3ad8aa53fa535de36121ce7
- SHA512
  
  86147b76ed3b41897771061e5451aafd5f729dd212eae868b81a8dc487f7cbcc6e6f8687b72d4e714d4a7f43f6b7f49b627b9e7df1d81c7cc4cfd2b9c13d63f4
- SSDEEP
  
  96:esd1t761bndKil7aBcxu0PtboynuYUBtCt:Jt7Yb975u0P1oynfUBM
Score

10^/10

phorphiex evasion loader persistence spyware stealer trojan worm
- Phorphiex
  Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Windows security bypass
  evasion trojan
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

phorphiexevasionloaderpersistencespywarestealertrojanworm

behavioral2

phorphiexevasionloaderpersistencespywarestealertrojanworm