phorphiex | baa6ef7060d415d0f532f8d1cca7211cd8505c047ef6f2a296f4bf114d7a1f77 | Triage

Sharing

General

Target

2024-04-10_f5781450530d190f11e4e9b17e5a8b88_mafia
Size

3.5MB
Sample

240410-lgjm3saf44
MD5

f5781450530d190f11e4e9b17e5a8b88
SHA1

1b8191582057ab61d32df092b17e069d187b94ee
SHA256

baa6ef7060d415d0f532f8d1cca7211cd8505c047ef6f2a296f4bf114d7a1f77
SHA512

f1f8cc28ff0c758e95bbd185325006979d92e55dfaf513a5400dc9c2d91640e4b0a6e5c3533930129553d92645ce879aea1d09f036a696a01fbc66e37e723942
SSDEEP

98304:vkbGJF3kPtU93KIkoIlByss8No7kEGDykcgD5Of:s+3/ea8ikEGDNO

Score

10^/10

phorphiex evasion loader persistence trojan worm

Malware Config

Extracted

Family

phorphiex

C2

http://185.215.113.66/

Wallets

0xAa3ea4838e8E3F6a1922c6B67E3cD6efD1ff175b

THRUoPK7oYqF7YyKZJvPYwTH35JsPZVPto

1Hw9tx4KyTq4oRoLVhPb4hjDJcLhEa4Tn6

qr89hag2967ef604ud3lw4pq8hmn69n46czwdnx3ut

XtxFdsKkRN3oVDXtN2ipcHeNi87basT2sL

LXMNcn9D8FQKzGNLjdSyR9dEM8Rsh9NzyX

rwn7tb5KQjXEjH42GgdHWHec5PPhVgqhSH

ARML6g7zynrwUHJbFJCCzMPiysUFXYBGgQ

48jYpFT6bT8MTeph7VsyzCQeDsGHqdQNc2kUkRFJPzfRHHjarBvBtudPUtParMkDzZbYBrd3yntWBQcsnVBNeeMbN9EXifg

3PL7YCa4akNYzuScqQwiSbtTP9q9E9PLreC

3FerB8kUraAVGCVCNkgv57zTBjUGjAUkU3

D9AJWrbYsidS9rAU146ifLRu1fzX9oQYSH

t1gvVWHnjbGTsoWXEyoTFojc2GqEzBgvbEn

bnb1cgttf7t5hu7ud3c436ufhcmy59qnkd09adqczd

bc1q0fusmmgycnhsd5cadsuz2hk8d4maausjfjypqg

bitcoincash:qr89hag2967ef604ud3lw4pq8hmn69n46czwdnx3ut

GAUCC7ZBSU2KJMHXOZD6AP5LOBGKNDPCDNRYP2CO2ACR63YCSUBNT5QE

Targets

- Target
  
  2024-04-10_f5781450530d190f11e4e9b17e5a8b88_mafia
- Size
  
  3.5MB
- MD5
  
  f5781450530d190f11e4e9b17e5a8b88
- SHA1
  
  1b8191582057ab61d32df092b17e069d187b94ee
- SHA256
  
  baa6ef7060d415d0f532f8d1cca7211cd8505c047ef6f2a296f4bf114d7a1f77
- SHA512
  
  f1f8cc28ff0c758e95bbd185325006979d92e55dfaf513a5400dc9c2d91640e4b0a6e5c3533930129553d92645ce879aea1d09f036a696a01fbc66e37e723942
- SSDEEP
  
  98304:vkbGJF3kPtU93KIkoIlByss8No7kEGDykcgD5Of:s+3/ea8ikEGDNO
Score

10^/10

phorphiex evasion loader persistence trojan worm
- Phorphiex
  Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Windows security bypass
  evasion trojan
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phorphiexevasionloaderpersistencetrojanworm

behavioral2

phorphiexevasionloaderpersistencetrojanworm