Overview

overview

10

Static

static

10

0x000a0000...55.exe

windows7-x64

10

0x000a0000...55.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0x000a000000012303-55.dat

  • Size

    75KB

  • Sample

    230206-lmrkwage5t

  • MD5

    17eb719f9e19aefae9114aa922681e7f

  • SHA1

    a2165a6d3ff4dee62215bd489bbcc0aaa498e70a

  • SHA256

    e0ac6b5de69220016ae30e12a499cd7e0002ab66942203376a0bb97b1790ad70

  • SHA512

    77e7663c0b2cccf1f357c3f75cae22b0c8e207d482f8e5237f3d81844266d4f49d10574abbb6531ab20b417ed19a4d4991214933362a004413ccbe8a41f194de

  • SSDEEP

    1536:gY3Mz8y5D0FLcNU33CxcuxrMhenfFzeeeeeeeeeeeeeeeeeeeWeeeee:MwLFLQs3vuxrPnfF

Score
10/10
phorphiexevasionloaderpersistencetrojanworm

Malware Config

Extracted

Family

phorphiex

C2

http://185.215.113.66/

Targets

    • Target

      0x000a000000012303-55.dat

    • Size

      75KB

    • MD5

      17eb719f9e19aefae9114aa922681e7f

    • SHA1

      a2165a6d3ff4dee62215bd489bbcc0aaa498e70a

    • SHA256

      e0ac6b5de69220016ae30e12a499cd7e0002ab66942203376a0bb97b1790ad70

    • SHA512

      77e7663c0b2cccf1f357c3f75cae22b0c8e207d482f8e5237f3d81844266d4f49d10574abbb6531ab20b417ed19a4d4991214933362a004413ccbe8a41f194de

    • SSDEEP

      1536:gY3Mz8y5D0FLcNU33CxcuxrMhenfFzeeeeeeeeeeeeeeeeeeeWeeeee:MwLFLQs3vuxrPnfF

    Score
    10/10
    phorphiexevasionloaderpersistencetrojanworm

    • Phorphiex

      Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

      wormtrojanloaderphorphiex

    • Windows security bypass

      evasiontrojan

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

2
T1089

Modify Registry

3
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks