General
-
Target
500bed9b5e5d6c34b3d4ae345e2e35b1_JaffaCakes118
-
Size
404KB
-
Sample
240331-hrwtlsff4s
-
MD5
500bed9b5e5d6c34b3d4ae345e2e35b1
-
SHA1
cba707aab9662e089dbb2910641874322eaea3cd
-
SHA256
d0ccef7f73fee8814c4fff53d23b15b7836fd5a6828f137ba3c541badf22d642
-
SHA512
d7d9f646db94203759fcd97b2b60f8f67381eabd0bb2ad4a0abca497e046ff9c4aa72a3c9d06e4a3c2c6b8373cc9ea253b8f8583e8e48714bf3edd0a3737b157
-
SSDEEP
6144:69qlSqfb+QC82rv7pQsvKC1j7BQRyDo5Sv307a05LiSzt:69qRfb+QC8A7p/z6ygEd05LiEt
Malware Config
Extracted
phorphiex
http://185.176.27.132/
1Bn4JYKoVgQpZ73doWVFSNZBbwKj3cpJNR
qqsagteh4m6qunmgrrknulafzcdlmzn35yeggvq8qk
Xt8ZtCcG9BFoc7NfUNBVnxcTvYT4mmzh5i
D7otx94yAiXMUuuff23v8PAYH5XpkdQ89M
0x05F916216CC4BA6ac89b8093d474E2a1e6121c63
LUMrZN6GTetcrXtzMmRayLpRN9JrCNcTe7
t1PVHo3JR9ZAxMxRXgTziGBeDwfb5Gwm64z
Targets
-
-
Target
500bed9b5e5d6c34b3d4ae345e2e35b1_JaffaCakes118
-
Size
404KB
-
MD5
500bed9b5e5d6c34b3d4ae345e2e35b1
-
SHA1
cba707aab9662e089dbb2910641874322eaea3cd
-
SHA256
d0ccef7f73fee8814c4fff53d23b15b7836fd5a6828f137ba3c541badf22d642
-
SHA512
d7d9f646db94203759fcd97b2b60f8f67381eabd0bb2ad4a0abca497e046ff9c4aa72a3c9d06e4a3c2c6b8373cc9ea253b8f8583e8e48714bf3edd0a3737b157
-
SSDEEP
6144:69qlSqfb+QC82rv7pQsvKC1j7BQRyDo5Sv307a05LiSzt:69qRfb+QC8A7p/z6ygEd05LiEt
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Phorphiex
Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
-
Phorphiex payload
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1