phorphiex | 50fcdf33b27a9bc36765e7b5a2650678f0f0ef15d6410054f89fb63605f849e5 | Triage

Sharing

General

Target

461f422870426748cc3e24111532472b.exe
Size

16KB
Sample

230122-v2jy1sgg24
MD5

461f422870426748cc3e24111532472b
SHA1

8772291dc3edfe84dffad71af33d48e853e10b08
SHA256

50fcdf33b27a9bc36765e7b5a2650678f0f0ef15d6410054f89fb63605f849e5
SHA512

6221d44ea6a63f28103aa8df38ecfff4dea3825052cb927b2228862318bc9ef1eaaed761ba31625dc068297fd589db20ce3fb93a62868fd8953452791cd6f8eb
SSDEEP

384:T1CfH3216i7jToD/vWoveM87zaL5j8J9OxX:UH3gFcD/vba7zH3OJ

Score

10^/10

phorphiex evasion loader persistence spyware stealer trojan worm

Malware Config

Extracted

Family

phorphiex

C2

http://185.215.113.66/

Wallets

1Gpu5QiBqsquu71AGqHwb4Y68iwnkdGH1k

3PPJU1omRSTwxDbbfVyxh9Mm8WkiMGZviMh

37AcEVDyoPyUJUKNM3mM1UxNNvKgN6Abn5

qqlt9zzv020vtlswk5v6e90nv7hsuqz0nggp4rj5t0

Xj6orHUgmtZtPb2wGSTX2reQZJ89ZeeYYG

DRyZQqRX998DYdf7zGdTCShGcRBbxjUAbF

0x25229D09B0048F23e60c010C8eE1ae65C727e973

LhoapQ1TFjG2Fvbwn5WbM2wYcwisKRVz7x

r3j2xjQLmVa6Cg3cHZLqLNVja1x6g1AtNL

TVTrpva4J2g8SENebPar4YnfnCqwUeiX4a

t1MrdY4n3DBL3uip5Pq6tqx4doYpihJJG68

AXUqtUXyQmU8buqL5ehCLuLLHhhFrREXuw

bitcoincash:qqlt9zzv020vtlswk5v6e90nv7hsuqz0nggp4rj5t0

48jYpFT6bT8MTeph7VsyzCQeDsGHqdQNc2kUkRFJPzfRHHjarBvBtudPUtParMkDzZbYBrd3yntWBQcsnVBNeeMbN9EXifg

GDX4NDGHA5WKQLOI65PKPZRHSN6ZAUBRHA7BL44O5IOVMMZFZISMHTUD

bnb1zm5y3pns0ertprnvdyulz63tenlp9kc4m78v0m

bc1qdk0fquc7ug2zn7zpdyx4kasdy34t00c5r2xdup

Targets

- Target
  
  461f422870426748cc3e24111532472b.exe
- Size
  
  16KB
- MD5
  
  461f422870426748cc3e24111532472b
- SHA1
  
  8772291dc3edfe84dffad71af33d48e853e10b08
- SHA256
  
  50fcdf33b27a9bc36765e7b5a2650678f0f0ef15d6410054f89fb63605f849e5
- SHA512
  
  6221d44ea6a63f28103aa8df38ecfff4dea3825052cb927b2228862318bc9ef1eaaed761ba31625dc068297fd589db20ce3fb93a62868fd8953452791cd6f8eb
- SSDEEP
  
  384:T1CfH3216i7jToD/vWoveM87zaL5j8J9OxX:UH3gFcD/vba7zH3OJ
Score

10^/10

phorphiex evasion loader persistence spyware stealer trojan worm
- Phorphiex
  Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Windows security bypass
  evasion trojan
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

phorphiexevasionloaderpersistencespywarestealertrojanworm

behavioral2

phorphiexevasionloaderpersistencespywarestealertrojanworm