phorphiex | 16f57fec906660d12fd7350d48b339c852379a22c1a7117de9573b5b44a38bad | Triage

Submit
Reports

Overview

overview

Static

static

16f57fec90...ad.exe

windows7-x64

16f57fec90...ad.exe

windows10-2004-x64

Sharing

General

Target

16f57fec906660d12fd7350d48b339c852379a22c1a7117de9573b5b44a38bad
Size

2.4MB
Sample

240407-xk4cfabe4v
MD5

41e482cd92834fac4e45c9de44102785
SHA1

653a00ed747400d9dd0c8f362048a75ccef3b8c7
SHA256

16f57fec906660d12fd7350d48b339c852379a22c1a7117de9573b5b44a38bad
SHA512

70a123939478276908843acec2d6d30f7255e57eebab7f1de00bffd389abd304eb6237fd94a92d538e55c4ded0935bcd81aab24cbc332a397b833c32aad9ee46
SSDEEP

24576:RnAnKcqafbuHDZS2Xqbzsbx+80kL1y4/pCb9vEYhqKDhQBz8NA66W8MX:mn7fq1SfzIx+4JdWEim8ALWXX

Score

10^/10

phorphiex evasion loader persistence trojan upx worm

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

16f57fec906660d12fd7350d48b339c852379a22c1a7117de9573b5b44a38bad.exe

Resource

win7-20240221-en

phorphiex evasion loader persistence trojan upx worm

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

16f57fec906660d12fd7350d48b339c852379a22c1a7117de9573b5b44a38bad.exe

Resource

win10v2004-20240226-en

phorphiex evasion loader persistence trojan upx worm

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

phorphiex

C2

http://185.215.113.66/

Wallets

0xAa3ea4838e8E3F6a1922c6B67E3cD6efD1ff175b

THRUoPK7oYqF7YyKZJvPYwTH35JsPZVPto

1Hw9tx4KyTq4oRoLVhPb4hjDJcLhEa4Tn6

qr89hag2967ef604ud3lw4pq8hmn69n46czwdnx3ut

XtxFdsKkRN3oVDXtN2ipcHeNi87basT2sL

LXMNcn9D8FQKzGNLjdSyR9dEM8Rsh9NzyX

rwn7tb5KQjXEjH42GgdHWHec5PPhVgqhSH

ARML6g7zynrwUHJbFJCCzMPiysUFXYBGgQ

48jYpFT6bT8MTeph7VsyzCQeDsGHqdQNc2kUkRFJPzfRHHjarBvBtudPUtParMkDzZbYBrd3yntWBQcsnVBNeeMbN9EXifg

3PL7YCa4akNYzuScqQwiSbtTP9q9E9PLreC

3FerB8kUraAVGCVCNkgv57zTBjUGjAUkU3

D9AJWrbYsidS9rAU146ifLRu1fzX9oQYSH

t1gvVWHnjbGTsoWXEyoTFojc2GqEzBgvbEn

bnb1cgttf7t5hu7ud3c436ufhcmy59qnkd09adqczd

bc1q0fusmmgycnhsd5cadsuz2hk8d4maausjfjypqg

bitcoincash:qr89hag2967ef604ud3lw4pq8hmn69n46czwdnx3ut

GAUCC7ZBSU2KJMHXOZD6AP5LOBGKNDPCDNRYP2CO2ACR63YCSUBNT5QE

Targets

- Target
  
  16f57fec906660d12fd7350d48b339c852379a22c1a7117de9573b5b44a38bad
- Size
  
  2.4MB
- MD5
  
  41e482cd92834fac4e45c9de44102785
- SHA1
  
  653a00ed747400d9dd0c8f362048a75ccef3b8c7
- SHA256
  
  16f57fec906660d12fd7350d48b339c852379a22c1a7117de9573b5b44a38bad
- SHA512
  
  70a123939478276908843acec2d6d30f7255e57eebab7f1de00bffd389abd304eb6237fd94a92d538e55c4ded0935bcd81aab24cbc332a397b833c32aad9ee46
- SSDEEP
  
  24576:RnAnKcqafbuHDZS2Xqbzsbx+80kL1y4/pCb9vEYhqKDhQBz8NA66W8MX:mn7fq1SfzIx+4JdWEim8ALWXX
Score

10^/10

phorphiex evasion loader persistence trojan upx worm
- Phorphiex
  Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX dump on OEP (original entry point)
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phorphiexevasionloaderpersistencetrojanupxworm

behavioral2

phorphiexevasionloaderpersistencetrojanupxworm

© 2018-2024

Terms | Privacy