General
Target: Phoenix.zip
Size: 5.1MB
Sample: 240229-wfhphagf97
MD5: 84af0ca83e646aeabf7f971619af70de
SHA1: 1d09b2473fe4ab7d986db40d4c776d113fd04d6d
SHA256: 10c7e9495e540a52298321b1ef81384b49d758c88fefe2628586935ef786d592
SHA512: 88fd639359baa3b72eb3aed4a00c46fe3cb3609fabc0e537e7acfcbf47c4ba7c1b182b85aea6295da309872862e286a49a079a39321f97a79cb44072b01ffc89
SSDEEP: 98304:de7du6j9Ec4q/pMwMxl4rStfY66cAujXznxvfhq3ryKDY8KEwmwVy:de7UyZxWX4roR6cL1vJq334w
Behavioral task: behavioral1
Sample: Phoenix/Phoenix.exe
Resource: win11-20240221-en

Behavioral task: behavioral2
Sample: Phoenix/extatent.dll
Resource: win11-20240221-en
Malware Config

Targets

Target: Phoenix/Phoenix.exe
Size: 5.2MB
MD5: 71f6738bd7ee567da4b19dd5194687a1
SHA1: e6c4c70f2d186d5d2ab440eb6163d00e45163fc9
SHA256: 443f9491285d98c88f6e7221a715b3b8a11147e8d7f18a415968bb47bd99b1f8
SHA512: 11da4b263c5fd2c4c3648eb4d024f0c50ac327163492f783d49fa3f8d4455fb6a7f2d6d71e31cc8e8e4022df05739cd71c68847a01f80a4caf5393c79b20f32a
SSDEEP: 98304:VC79wYjl2ceg/ZmgIJl0rktfO66UKmDdZ/rB5hWx3++7wkgmSO/7FVdsO:VC7Ss7ZUx0rK/6UtJBzWxv
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Legitimate hosting services abused for malware hosting/C2

Target: Phoenix/extatent.dll
Size: 50KB
MD5: f84f78ece6c9ef29b04cc98f1f750269
SHA1: 68c5b5ef5428f743b5697c1df25fa464b0eca663
SHA256: 5209885412b40aebde676388b84e301aaa22b501e4a2668fd2585e77f3092907
SHA512: 8aefcd0752430fd7e3b1b6ee42c41b7a3d901d8418e68777388963e6f2b88f660c86bf872561d1db2614523da532dfee6c92f043dde683e27a0109dafbecfebf
SSDEEP: 768:i4gOx89NGERw2A11HI+bFK603JLw8MdErw6dNi64+KuIXk+Xy9jZk0lT1ehZTLhW:iDGB2KHIwoKZdxwZk0T+ZTLhJk
Score: 1/10