phorphiex | 3f16f4550826076b2c8cd7b392ee649aeb06740328658a2d30c3d2002c6b7879 | Triage

Sharing

General

Target

tmp
Size

79KB
Sample

240415-tmrvmscg91
MD5

1e8a2ed2e3f35620fb6b8c2a782a57f3
SHA1

e924ce6d147ecc8b30b7c7cad02e5c9ae09a743a
SHA256

3f16f4550826076b2c8cd7b392ee649aeb06740328658a2d30c3d2002c6b7879
SHA512

ce4dc7fdd7f81a7a127d650f9175292b287b4803d815d74b64a4e5125cff66224d75e7ecade1d9c0e42f870bdb49a78e9613b1a49675ab5bc098611b99b49ade
SSDEEP

1536:y3Mz8f2Z9F1nc2ZWEa5pFeStStfFPeeeeeeeeWeeeee:ZwfYFRVZWz3XtStfF

Score

10^/10

phorphiex evasion loader persistence spyware stealer trojan worm

Malware Config

Extracted

Family

phorphiex

C2

http://185.215.113.66/

Wallets

0xAa3ea4838e8E3F6a1922c6B67E3cD6efD1ff175b

THRUoPK7oYqF7YyKZJvPYwTH35JsPZVPto

1Hw9tx4KyTq4oRoLVhPb4hjDJcLhEa4Tn6

qr89hag2967ef604ud3lw4pq8hmn69n46czwdnx3ut

XtxFdsKkRN3oVDXtN2ipcHeNi87basT2sL

LXMNcn9D8FQKzGNLjdSyR9dEM8Rsh9NzyX

rwn7tb5KQjXEjH42GgdHWHec5PPhVgqhSH

ARML6g7zynrwUHJbFJCCzMPiysUFXYBGgQ

48jYpFT6bT8MTeph7VsyzCQeDsGHqdQNc2kUkRFJPzfRHHjarBvBtudPUtParMkDzZbYBrd3yntWBQcsnVBNeeMbN9EXifg

3PL7YCa4akNYzuScqQwiSbtTP9q9E9PLreC

3FerB8kUraAVGCVCNkgv57zTBjUGjAUkU3

D9AJWrbYsidS9rAU146ifLRu1fzX9oQYSH

t1gvVWHnjbGTsoWXEyoTFojc2GqEzBgvbEn

bnb1cgttf7t5hu7ud3c436ufhcmy59qnkd09adqczd

bc1q0fusmmgycnhsd5cadsuz2hk8d4maausjfjypqg

bitcoincash:qr89hag2967ef604ud3lw4pq8hmn69n46czwdnx3ut

GAUCC7ZBSU2KJMHXOZD6AP5LOBGKNDPCDNRYP2CO2ACR63YCSUBNT5QE

Targets

- Target
  
  tmp
- Size
  
  79KB
- MD5
  
  1e8a2ed2e3f35620fb6b8c2a782a57f3
- SHA1
  
  e924ce6d147ecc8b30b7c7cad02e5c9ae09a743a
- SHA256
  
  3f16f4550826076b2c8cd7b392ee649aeb06740328658a2d30c3d2002c6b7879
- SHA512
  
  ce4dc7fdd7f81a7a127d650f9175292b287b4803d815d74b64a4e5125cff66224d75e7ecade1d9c0e42f870bdb49a78e9613b1a49675ab5bc098611b99b49ade
- SSDEEP
  
  1536:y3Mz8f2Z9F1nc2ZWEa5pFeStStfFPeeeeeeeeWeeeee:ZwfYFRVZWz3XtStfF
Score

10^/10

phorphiex evasion loader persistence spyware stealer trojan worm
- Modifies security service
  evasion
- Phorphiex
  Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Windows security bypass
  evasion trojan
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phorphiexevasionloaderpersistencespywarestealertrojanworm

behavioral2

phorphiexevasionloaderpersistencespywarestealertrojanworm