cdc44464eb15e5903283de24e314aa1917d0b4850e584ecb800b211e4a0c1ee8 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

Phoenix.exe

windows11-21h2-x64

9

Resubmissions

14/01/2024, 23:44

240114-3rb5eseeg5 9

14/01/2024, 23:43

240114-3qyl2aeeg4 9

Sharing

Copy URL Twitter E-mail

General

Target

Phoenix.exe
Size

12.7MB
Sample

240114-3rb5eseeg5
MD5

e056732708932298e6ca11194fcb7ced
SHA1

b8e89a5eef747df459697bd0ed33680967310ad9
SHA256

cdc44464eb15e5903283de24e314aa1917d0b4850e584ecb800b211e4a0c1ee8
SHA512

668f57fe8bcf68465e5845b1d4a7c9166bad092caacc9ee47758e3a091ddafadfca462cdacc8eb4aeabe2220140128e8c79120d9ca5e4500b5bd041f1fc2d25d
SSDEEP

196608:xEmzYCjmWIbhTiXz0qx+cUG4raKu24YY7HVT4hV0AD6QgqKRgX:mTCjSNTiD0XmKr4YYH+EUWpgX

Score

9^/10

evasion spyware stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Phoenix.exe

Resource

win11-20231222-en

evasion spyware stealer themida trojan

windows11-21h2-x64

10 signatures

600 seconds

Malware Config

Targets

- Target
  
  Phoenix.exe
- Size
  
  12.7MB
- MD5
  
  e056732708932298e6ca11194fcb7ced
- SHA1
  
  b8e89a5eef747df459697bd0ed33680967310ad9
- SHA256
  
  cdc44464eb15e5903283de24e314aa1917d0b4850e584ecb800b211e4a0c1ee8
- SHA512
  
  668f57fe8bcf68465e5845b1d4a7c9166bad092caacc9ee47758e3a091ddafadfca462cdacc8eb4aeabe2220140128e8c79120d9ca5e4500b5bd041f1fc2d25d
- SSDEEP
  
  196608:xEmzYCjmWIbhTiXz0qx+cUG4raKu24YY7HVT4hV0AD6QgqKRgX:mTCjSNTiD0XmKr4YYH+EUWpgX
Score

9^/10

evasion spyware stealer themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywarestealerthemidatrojan

© 2018-2025

Terms | Privacy