Overview

overview

10

Static

static

1

PhoenixCheat.exe

windows7-x64

10

PhoenixCheat.exe

windows10-1703-x64

10

PhoenixCheat.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PhoenixCheat.exe

  • Size

    815KB

  • Sample

    230722-jecewahh84

  • MD5

    1e851ef03fdca4e4e549e0e8946b223e

  • SHA1

    12d6b15118d051cef5174f5fe0b85a59a524fe1c

  • SHA256

    aec8c0045f51d92b2c9922446319c2f19092bdeecf7861b248dd7203bb4147b8

  • SHA512

    a0d140b7ea9843f90abf1faf1b526ff8647b0fd14252c402b87c87d33775042ca6bb51820bb83418f9fcda67fd13152f89a40ad203def5d57bca79272f4bad38

  • SSDEEP

    12288:Oms2Q6RMZ71thek84lIWjFxXWCWiomD3ipk6qrdeSWoJT++AiIbYho/sVQxSMsUc:AXt1Of4wax6qRfJT+RieGo/SpUYJ

Score
10/10
redlinesectopratyoutubediscoveryinfostealerratspywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

youtube

C2

193.233.255.86:30607

Targets

    • Target

      PhoenixCheat.exe

    • Size

      815KB

    • MD5

      1e851ef03fdca4e4e549e0e8946b223e

    • SHA1

      12d6b15118d051cef5174f5fe0b85a59a524fe1c

    • SHA256

      aec8c0045f51d92b2c9922446319c2f19092bdeecf7861b248dd7203bb4147b8

    • SHA512

      a0d140b7ea9843f90abf1faf1b526ff8647b0fd14252c402b87c87d33775042ca6bb51820bb83418f9fcda67fd13152f89a40ad203def5d57bca79272f4bad38

    • SSDEEP

      12288:Oms2Q6RMZ71thek84lIWjFxXWCWiomD3ipk6qrdeSWoJT++AiIbYho/sVQxSMsUc:AXt1Of4wax6qRfJT+RieGo/SpUYJ

    Score
    10/10
    redlinesectopratyoutubediscoveryinfostealerratspywarestealertrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks