General

  • Target

    Phoenix.zip

  • Size

    5.1MB

  • MD5

    0c7916a72107fe8eca3c352b71780bd9

  • SHA1

    7519e933b2e814005e9228ec09d01ed5c6d6a7ad

  • SHA256

    0cad29756bfaaaae607837ba1426a05db939c326c8bbefefe8033dc2add2b33c

  • SHA512

    7ab21ac422ffa802ce3cf3e173ad8ca096da528e7307d05b351288fc06def96097ce21f5eb2421b21b29ad83a9065fa9928f6a2dcd20dd3b9440e3109fb60709

  • SSDEEP

    98304:N0UWOv+B1M/p7Erypcw/XZHWZifHfQZ6490wLDsdkE0r0:DWOv+BmB7rpcQJ8eHoZx90wLWjg0

Score
7/10

Signatures

  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • Phoenix.zip
    .zip
  • Phoenix/Phoenix.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744



  • Phoenix/extatent.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa

