0adf25603532d33bffa96f8c889f576f928e0127fc06122d9367eb39eedd39e2

Resubmissions

23/09/2023, 23:40

230923-3n4p9scf28 8

Sharing

Copy URL

Twitter E-mail

General

Target

Phoenix.rar
Size

6.5MB
Sample

230923-3n4p9scf28
MD5

63cebf3c5c481802464dcc2f29f44eb4
SHA1

fe4716a0f3b40c375b067a6cfb145fcc173cb76c
SHA256

0adf25603532d33bffa96f8c889f576f928e0127fc06122d9367eb39eedd39e2
SHA512

cc314a57341157acdcd8dd015b3b253cd1ef04a725d9e2e012ec2f1bb51fd30f8eb5c628a609811ae4c9bcce0717cc73c05f11b0df968161bb8fc9faef399c3a
SSDEEP

196608:4ouCW0D6evV0rFs3H/RU7vghrtmRqAdOelC+kSCnyeZuKHb:vzL2yJU7YjmRblCwCny+Hb

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  Phoenix.rar
- Size
  
  6.5MB
- MD5
  
  63cebf3c5c481802464dcc2f29f44eb4
- SHA1
  
  fe4716a0f3b40c375b067a6cfb145fcc173cb76c
- SHA256
  
  0adf25603532d33bffa96f8c889f576f928e0127fc06122d9367eb39eedd39e2
- SHA512
  
  cc314a57341157acdcd8dd015b3b253cd1ef04a725d9e2e012ec2f1bb51fd30f8eb5c628a609811ae4c9bcce0717cc73c05f11b0df968161bb8fc9faef399c3a
- SSDEEP
  
  196608:4ouCW0D6evV0rFs3H/RU7vghrtmRqAdOelC+kSCnyeZuKHb:vzL2yJU7YjmRblCwCny+Hb
Score

8^/10

discovery persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  Phoenix/AngleSharp.dll
- Size
  
  861KB
- MD5
  
  ba231be096738680abadcb0504361b6e
- SHA1
  
  7eb1609f8643d1964ec252f897c05a10345b7d85
- SHA256
  
  78e304f09e0af840441733b89bb3c268109fa1c4200085a7c1edb097b6723d7a
- SHA512
  
  3a662033bbd0688cd76da84970d988c6932912a7cbac7f6ed1b26e32f480e9ac4866609764334a610c3b8b52de4d52c557e23d3ea111f154ff41e426d14923cc
- SSDEEP
  
  6144:JnFGmSD2smAF5DvLpN15eNcWx0x1DOlzWrBmXgis5zEJ0rlz6zoMJsJG/YLfjrkS:J8XlrNHwqd6aD26o2GckUMIC5Yq6ku
Score

1^/10
behavioral3 behavioral4
- Target
  
  Phoenix/Colorful.Console.dll
- Size
  
  88KB
- MD5
  
  89fab48df74cab3bb13ce012a1d3021c
- SHA1
  
  9e26dc19e7126be8fa150e2798e3be14c059afbb
- SHA256
  
  b8f2f0e9263129742e11bbaf56e0f082499a68d5113959b6a857ed51aa8a2570
- SHA512
  
  14a778f15a7e2bfa178aa73c6c8776b7812116915318ae6202250f66faacf276e514c97628d104ae687efe9dcbb14a0ac48b2658fc1218bd2448cee473132c52
- SSDEEP
  
  1536:1yQJm5aA5hedAW4B2nBKc6dQ/lawQ/ddbrL:1ccA5QdO2B9Wsl/Q/PL
Score

1^/10
behavioral5 behavioral6
- Target
  
  Phoenix/ICSharpCode.SharpZipLib.dll
- Size
  
  243KB
- MD5
  
  4fe179ef90fa134b8e564ab7ff9bd903
- SHA1
  
  350090780710aa3448e2bd3b814eedefcc6026a5
- SHA256
  
  d35291416c0b7dec5232486b26406f4d02da190ca8237b53542d20f24135eac7
- SHA512
  
  321092782a5ddc78b3cd1b5395ae8818e0cfab762b48f0fcd9bde4b1ab9c40b374d3a910efe67e6fead3b7aecf378055c7feb97e3c8198f83a13bd6612a23411
- SSDEEP
  
  6144:6Po8JC1HXfrusPX/qQCSdAFRLtaMimzXo0f:69C13fr1v/qO6yiXo
Score

1^/10
behavioral7 behavioral8
- Target
  
  Phoenix/Newtonsoft.Json.dll
- Size
  
  679KB
- MD5
  
  916d32b899f1bc23b209648d007b99fd
- SHA1
  
  e3673d05d46f29e68241d4536bddf18cdd0a913d
- SHA256
  
  72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661
- SHA512
  
  60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6
- SSDEEP
  
  12288:1eos/POdGV5jfWrV/9Yeh9eRcyLfLYtT5mWxTZ/B7jW5JMtRRpKzQk:10/POdGV5jfW5VnhFyvOB7jW5JMty
Score

1^/10
behavioral10 behavioral9
- Target
  
  Phoenix/Phoenix.dll
- Size
  
  335KB
- MD5
  
  15a1cedc996c0ae8f07ff74dfe6c70e7
- SHA1
  
  54d5c6d68a11a2a5742e25df0f06cc9f178095cc
- SHA256
  
  d568145624f1bebf3ce071e857f1a5109d00ce1f25ef23e8091ae7e07b5d3743
- SHA512
  
  9cb32cdab4b15c0c3c9db874561ed8835ad01221ca99d8db32b135908c3a18c436f476906f57ee4ce3ddb45b31a9d36ac926a8346e606d9f53063aa84eb8c20f
- SSDEEP
  
  3072:KO2NQBeeWeALKxR2QDTpYAA8sHqAQA/VoxrdtSZtV2u+Q:KZA3oS2gTiPHqAZ/exrdKV2
Score

1^/10
behavioral11 behavioral12
- Target
  
  Phoenix/Phoenix.exe
- Size
  
  414KB
- MD5
  
  ec4d07a1cf9fe38c0a3d38f43acadbef
- SHA1
  
  0d0a5d4054389ceeffb3c58a9a29f59f77598d88
- SHA256
  
  6bd40edf9f7a61561f1c0a061fc6715d551586c8db6655d9a5a30ce828887918
- SHA512
  
  d828317992968170492cac0ff3b1b34822dd8b5c891e008006da8451da7ee2712b8146cc01c15901b018046d9439fa73a4f406adf114bed4dba273a483ba7693
- SSDEEP
  
  6144:tIvK36o44QadTWYl/IK12gTiPHqAZ/exrdKV2:tIvKKadoS2aQYxRKV2
Score

1^/10
behavioral13 behavioral14
- Target
  
  Phoenix/Phoenix.runtimeconfig.json
- Size
  
  253B
- MD5
  
  39179c3a11d63cfeb42fae4a35085b48
- SHA1
  
  a480014e50f69e53f77cbeb0c1d200842f9875cd
- SHA256
  
  489a92c37422b7e5ce212f9701b7a081d887b895f88b91b000976131f90f823f
- SHA512
  
  39fa8b6e2ac64b9a4d9f75a5aae74cc9ae42440296fed8fa074ec0d0f15d10470ad2167ec3d7087222ce6824e571af5edda591e6c46a37d030ad147417f4b948
Score

3^/10
behavioral15 behavioral16
- Target
  
  Phoenix/WebDriver.dll
- Size
  
  6.0MB
- MD5
  
  df071bba2795f15834478309e6f01719
- SHA1
  
  6e1993c8fa7db5d9a6513c261e9c80a47a460c50
- SHA256
  
  27b1191b10a574e4ee2526ad8288b3005ae156ffcd189fc4d7f78a9d4e14b003
- SHA512
  
  314844239f4d3bebe6ca9b714028687b8acabb90a30619cb9f1e8308b3c49a50ea94a6a48972631829b379e5edb36c145299ec4089fc735fca2ba7c882b61bfb
- SSDEEP
  
  49152:LHhb4NysM6OL15POxIxluO5zYE4AI2t2y8gO54znQgO:Lh4Nyfi8qf
Score

1^/10
behavioral17 behavioral18
- Target
  
  Phoenix/WebDriverManager.dll
- Size
  
  28KB
- MD5
  
  e46c940c1b5063c0843ad3fc356f075c
- SHA1
  
  3a8a46d8b6a6d7bc5dce47ac6de7f80b7b6dd74a
- SHA256
  
  0b99bfe6a17ff026d4f762dbca7d1a6b1cdfc3c444b93a33b275475920e84612
- SHA512
  
  76aafb88e50968dbe7c4c131c11252ded77c74b4ff610e959e7cd15c757822d45581ee9cd8b87049b23739d7f63b3619a1a46f31e94fccbacc84a54532317fb2
- SSDEEP
  
  768:bH14xO5hrj2PIgEgb/4G5pU/upU0KpFp9B6heR:QO5hrj2jEO4G5pU/upU0KpFp9B6heR
Score

1^/10
behavioral19 behavioral20
- Target
  
  Phoenix/WorkingTokens.txt
- Size
  
  72B
- MD5
  
  605fb0eb86149575ddf8f1dfce9fe04f
- SHA1
  
  572295f401facfca5cc7eb0a8daa52da7cc0f5c9
- SHA256
  
  964cf36c864eacdbdc3c4cdd1ba6870b6e6ed1abc7f358e78ba436a16a38f900
- SHA512
  
  450de9b00570a44f29aff68f1b4dc2f964f69594a1a81a43edf34e5c8ca5ca82c7b02748aa7ced8726961da3f96413f941e44703628f9d9ff9a04d7662498463
Score

1^/10
behavioral21 behavioral22
- Target
  
  Phoenix/selenium-manager/linux/selenium-manager
- Size
  
  5.1MB
- MD5
  
  3c0427a10050ccca43894fa59f1823be
- SHA1
  
  3b16ba025ca3bcb6b784bb514abea886978df0c9
- SHA256
  
  ebbc02f0fd1544a17a7efde19fd7735a9051c2e7f2a34b9b550d83be0d31d0e2
- SHA512
  
  c08455e4da190a9f0adb6f89ccd567ad299787069bf50297a76e0cbb585cc7d52e462a072d1570e66fc23fb8f0e7ac9cf700e3c2d6d0890480c9bfea212cf34e
- SSDEEP
  
  49152:H4WpaYFn6C+0OEBaYFyMzKSZgk954Aq845rqXgno8Y5/BP11seeSeY1inLOeIwzH:HO8pbt1peYcOeIAqAX/+WT
Score

1^/10
behavioral23 behavioral24
- Target
  
  Phoenix/selenium-manager/macos/selenium-manager
- Size
  
  3.4MB
- MD5
  
  83f9afe3e15bd336a890986a468b524a
- SHA1
  
  9c8f2e127a5a9ed45ab415fe8ab4133f7f7876d9
- SHA256
  
  45d77e84cf3162fbe314f71bb2a973fcc9e1403bc2ceabedcd12bc54d6949bbf
- SHA512
  
  69fbbc4536206c56f05d28d0a0d3c915501f8ed54fe4cccc02dc3ad6a9117fc6b4daab17bf7acd4781f6afa31479e9fe21cff3f7edd8498b7aaeb7dab4db8cb0
- SSDEEP
  
  98304:hcdZamx59U8CIVO1btTbpRmQ+il5oAHTd:ap4bUQym
Score

1^/10
behavioral25 behavioral26
- Target
  
  Phoenix/selenium-manager/windows/selenium-manager.exe
- Size
  
  3.4MB
- MD5
  
  138ab682b68dc90cd96301b4a077699f
- SHA1
  
  d1a5168201893a73e01072d43571c9caef946fde
- SHA256
  
  a1cef0ed9398e7f7e6cef1cb637790a97dc3f0a9d233c1bc5804e1e45b50f959
- SHA512
  
  f909c88fafbc27ac8d808fe4fd68441dfcaabb56a8f9bffe7b2345e6a5993719e8259a4efee4cfb05e3341ca801810f2062df8bb670c160b5686ebd73ae3c003
- SSDEEP
  
  49152:84B3DV5ULyZu823kMZUKWrUkvRXA3VVgrKf62a8cvze5c71h8XIU6iCVWN:P3cPgjWVgrKy2We5cZ+
Score

1^/10
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28