General
-
Target
0x000900000001231c-55.dat
-
Size
75KB
-
Sample
230205-k8k5jscc5y
-
MD5
cef53d7c28cc468a7cda230634a4c1dd
-
SHA1
147826c6b313e1274a166852a59f6ea7aff7703f
-
SHA256
71055501b3a9f1272add3a541ed59592033e1210ef6914422d5536c614c66b4a
-
SHA512
ed1d4473202f445bed306049b8184545c9857c8e45f5685257540731eb0057cf21519cd29d0db4a0dc9ad2ae4acee326f84849ba37ef54dd93ff5fbb46b13272
-
SSDEEP
1536:g13Mz8y5D0FLcNU33CxcuxrMhenfFCLeeeeeeeeeeeeeeeeeeeWeeeee:JwLFLQs3vuxrPnfF
Malware Config
Extracted
phorphiex
http://185.215.113.66/
Targets
-
-
Target
0x000900000001231c-55.dat
-
Size
75KB
-
MD5
cef53d7c28cc468a7cda230634a4c1dd
-
SHA1
147826c6b313e1274a166852a59f6ea7aff7703f
-
SHA256
71055501b3a9f1272add3a541ed59592033e1210ef6914422d5536c614c66b4a
-
SHA512
ed1d4473202f445bed306049b8184545c9857c8e45f5685257540731eb0057cf21519cd29d0db4a0dc9ad2ae4acee326f84849ba37ef54dd93ff5fbb46b13272
-
SSDEEP
1536:g13Mz8y5D0FLcNU33CxcuxrMhenfFCLeeeeeeeeeeeeeeeeeeeWeeeee:JwLFLQs3vuxrPnfF
Score10/10-
Phorphiex
Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Windows security bypass
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-