phorphiex | 94e2fe84aeea801b0ddcf49c74375bb23ec242d30edc39fccd296ed2e7b64f72 | Triage

Sharing

General

Target

94e2fe84aeea801b0ddcf49c74375bb23ec242d30edc39fccd296ed2e7b64f72
Size

74KB
Sample

230122-vtrznagf72
MD5

024def417ae82e4c14a313a153d8984c
SHA1

ce7c071cbd60c7864a1e8a99f7496d3ad166a3ae
SHA256

94e2fe84aeea801b0ddcf49c74375bb23ec242d30edc39fccd296ed2e7b64f72
SHA512

0f3429a77e168bd5b800b8a611a61c327907c9fc35e4351189bd379aaea82ced1e0abd5c5fb2baf1e7796aa09d9cf9cd9feab26cbb82035bd352ab5f7399e400
SSDEEP

1536:gA3Mz8gpsBILcS+CR6xXaMx/8xgh9sfFr:Uw7IL33RfMx/RGfFr

Score

10^/10

phorphiex evasion loader persistence spyware stealer trojan worm

Malware Config

Extracted

Family

phorphiex

C2

http://185.215.113.66/

Wallets

1Gpu5QiBqsquu71AGqHwb4Y68iwnkdGH1k

3PPJU1omRSTwxDbbfVyxh9Mm8WkiMGZviMh

37AcEVDyoPyUJUKNM3mM1UxNNvKgN6Abn5

qqlt9zzv020vtlswk5v6e90nv7hsuqz0nggp4rj5t0

Xj6orHUgmtZtPb2wGSTX2reQZJ89ZeeYYG

DRyZQqRX998DYdf7zGdTCShGcRBbxjUAbF

0x25229D09B0048F23e60c010C8eE1ae65C727e973

LhoapQ1TFjG2Fvbwn5WbM2wYcwisKRVz7x

r3j2xjQLmVa6Cg3cHZLqLNVja1x6g1AtNL

TVTrpva4J2g8SENebPar4YnfnCqwUeiX4a

t1MrdY4n3DBL3uip5Pq6tqx4doYpihJJG68

AXUqtUXyQmU8buqL5ehCLuLLHhhFrREXuw

bitcoincash:qqlt9zzv020vtlswk5v6e90nv7hsuqz0nggp4rj5t0

48jYpFT6bT8MTeph7VsyzCQeDsGHqdQNc2kUkRFJPzfRHHjarBvBtudPUtParMkDzZbYBrd3yntWBQcsnVBNeeMbN9EXifg

GDX4NDGHA5WKQLOI65PKPZRHSN6ZAUBRHA7BL44O5IOVMMZFZISMHTUD

bnb1zm5y3pns0ertprnvdyulz63tenlp9kc4m78v0m

bc1qdk0fquc7ug2zn7zpdyx4kasdy34t00c5r2xdup

Targets

- Target
  
  94e2fe84aeea801b0ddcf49c74375bb23ec242d30edc39fccd296ed2e7b64f72
- Size
  
  74KB
- MD5
  
  024def417ae82e4c14a313a153d8984c
- SHA1
  
  ce7c071cbd60c7864a1e8a99f7496d3ad166a3ae
- SHA256
  
  94e2fe84aeea801b0ddcf49c74375bb23ec242d30edc39fccd296ed2e7b64f72
- SHA512
  
  0f3429a77e168bd5b800b8a611a61c327907c9fc35e4351189bd379aaea82ced1e0abd5c5fb2baf1e7796aa09d9cf9cd9feab26cbb82035bd352ab5f7399e400
- SSDEEP
  
  1536:gA3Mz8gpsBILcS+CR6xXaMx/8xgh9sfFr:Uw7IL33RfMx/RGfFr
Score

10^/10

phorphiex evasion loader persistence spyware stealer trojan worm
- Phorphiex
  Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Windows security bypass
  evasion trojan
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

phorphiexevasionloaderpersistencespywarestealertrojanworm