General

  • Target

    smes.exe

  • Size

    1.1MB

  • Sample

    230827-k2qfpagf22

  • MD5

    2c9f626447ae964cea8cc43daf078e70

  • SHA1

    e6f9fed713f822348c289ab37e1e559f6738865e

  • SHA256

    1650fa7dfd5cc553776b130e27195d407ab18a356773e0c4b471102764ef25dd

  • SHA512

    65ccfa2a7ad4167aa157ece29906411dc2a4dd45027520e89f1a29c3a4ef6315b404c8ecf3a54f7b7ab348635b813f0a96f762ba2633d4499f9a56eb53978449

  • SSDEEP

    24576:Xu6J33O0c+JY5UZ+XC0kGso6Fa1BNv36j/5n8WY:xu0c++OCvkGs9Fa1eTBY

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    bhavnatutor.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Onyeoba111

Targets

    • Target

      smes.exe

    • Size

      1.1MB

    • MD5

      2c9f626447ae964cea8cc43daf078e70

    • SHA1

      e6f9fed713f822348c289ab37e1e559f6738865e

    • SHA256

      1650fa7dfd5cc553776b130e27195d407ab18a356773e0c4b471102764ef25dd

    • SHA512

      65ccfa2a7ad4167aa157ece29906411dc2a4dd45027520e89f1a29c3a4ef6315b404c8ecf3a54f7b7ab348635b813f0a96f762ba2633d4499f9a56eb53978449

    • SSDEEP

      24576:Xu6J33O0c+JY5UZ+XC0kGso6Fa1BNv36j/5n8WY:xu0c++OCvkGs9Fa1eTBY

    • Phoenix Keylogger

      Phoenix is a keylogger and info stealer first seen in July 2019.

    • Phoenix Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks