General

  • Target

    701f8e268aa14d487e3fa1f92e41d89c38f3245c8246e66c2cdd5114367e295d

  • Size

    58KB

  • Sample

    240417-r8nn1ach98

  • MD5

    e270b8fff1d521742ba7b23add358e1f

  • SHA1

    76521478ff57a2e8e5d9911f8efcb1560aba2ef8

  • SHA256

    701f8e268aa14d487e3fa1f92e41d89c38f3245c8246e66c2cdd5114367e295d

  • SHA512

    e7c7ac77474ed360a0d8fdc87e5906ef4d64eb3e6cdde2175f9207226f70c5e416f4765d3672296470090f3a36b1f1f291303df07efde328b60e2a7fe5c21073

  • SSDEEP

    768:/rU9jWDlRszk3D/zv4CVhgjqThtpabxDtj60wayA9GhUDUpSpU3kqK3bFkIRBnbW:olmrsEzzv4OpThtpabxwCPQYJ/zbW

Malware Config

Targets

    • Target

      8cd916321f1c8a63bd9fafb52a478ac65b3e86a33966bbfce60f5e46ffee6b8c.exe

    • Size

      112KB

    • MD5

      2d5e7babf1b2d92b56fda0b9044f889a

    • SHA1

      d2f1f6a1e267172fc183a0d1a2affdd26145f59d

    • SHA256

      8cd916321f1c8a63bd9fafb52a478ac65b3e86a33966bbfce60f5e46ffee6b8c

    • SHA512

      68167664fc5e957b9aee18713ddf975823a73713d6c2fe31f532dcb53bee280a7fbfda68961a514d049558c602d74e91b24995fc1153e3f376cea5ebc7f93688

    • SSDEEP

      3072:8q7DiX2FNAVWllSP8QLZwgtTIFFjB/0SA:N7DiQWTlZw3FjJA

    • Phorphiex

      Malware family (more commonly spelled Phorpiex) that infects systems in order to distribute other malicious payloads, such as ransomware, stealers and cryptominers.

    • Phorphiex payload

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
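
The hashes above are the report's only host-side indicators for the two files. The following sweep is an added example, not part of the sandbox report or of the sample: it walks a directory tree and matches each file's MD5, SHA1 and SHA256 against those values. The scan root (`-Root`, defaulting to the current user's Downloads folder) is an assumption chosen for the example; the digests are copied verbatim from the report.

```powershell
# Added example (not part of the sandbox report): sweep a directory tree for
# files whose MD5/SHA1/SHA256 matches either file listed in this report.
# Assumption: the scan root is supplied by the operator via -Root.

param(
    [string]$Root = "$env:USERPROFILE\Downloads"   # assumed default; override with -Root
)

# IOCs copied from the report, keyed by lower-case hex digest. Get-FileHash
# returns upper-case, so every lookup normalises case first.
$Iocs = @{
    # submitted sample (58KB)
    'e270b8fff1d521742ba7b23add358e1f'                                 = 'MD5    submitted sample'
    '76521478ff57a2e8e5d9911f8efcb1560aba2ef8'                         = 'SHA1   submitted sample'
    '701f8e268aa14d487e3fa1f92e41d89c38f3245c8246e66c2cdd5114367e295d' = 'SHA256 submitted sample'
    # analysed target 8cd916321f1c8a63bd9fafb52a478ac65b3e86a33966bbfce60f5e46ffee6b8c.exe (112KB)
    '2d5e7babf1b2d92b56fda0b9044f889a'                                 = 'MD5    analysed target'
    'd2f1f6a1e267172fc183a0d1a2affdd26145f59d'                         = 'SHA1   analysed target'
    '8cd916321f1c8a63bd9fafb52a478ac65b3e86a33966bbfce60f5e46ffee6b8c' = 'SHA256 analysed target'
}

function Find-IocMatches {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][hashtable]$HashIocs
    )
    $hits = @()
    $files = Get-ChildItem -Path $Path -File -Recurse -Force -ErrorAction SilentlyContinue
    foreach ($file in $files) {
        foreach ($alg in 'MD5', 'SHA1', 'SHA256') {
            try {
                $digest = (Get-FileHash -LiteralPath $file.FullName -Algorithm $alg -ErrorAction Stop).Hash.ToLowerInvariant()
            } catch {
                # Locked or unreadable file: report it and keep sweeping rather than abort.
                Write-Warning "Could not hash $($file.FullName): $($_.Exception.Message)"
                break
            }
            if ($HashIocs.ContainsKey($digest)) {
                $hits += [pscustomobject]@{
                    Path      = $file.FullName
                    SizeBytes = $file.Length
                    Algorithm = $alg
                    Hash      = $digest
                    Ioc       = $HashIocs[$digest]
                }
                break   # one confirmed match per file is enough
            }
        }
    }
    return $hits
}

# Wrap in @() so an empty result still has a .Count of 0.
$found = @(Find-IocMatches -Path $Root -HashIocs $Iocs)
if ($found.Count -eq 0) {
    Write-Host "No files under $Root match the report's hashes."
} else {
    $found | Format-Table -AutoSize
}
```

Exact-hash matching only catches these two builds; a repacked variant will have different digests, which is what the SSDEEP values in the report are for (fuzzy comparison with the `ssdeep` tool, not shown here).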

MITRE ATT&CK Matrix (ATT&CK v13)

  The last column is the number of matched signatures from the list above that map to each technique.

  Tactic                 Technique                                       Signatures
  Persistence            T1547      Boot or Logon Autostart Execution    1
                         T1547.001  Registry Run Keys / Startup Folder   1
  Privilege Escalation   T1547      Boot or Logon Autostart Execution    1
                         T1547.001  Registry Run Keys / Startup Folder   1
  Defense Evasion        T1562      Impair Defenses                      2
                         T1562.001  Disable or Modify Tools              2
                         T1112      Modify Registry                      3
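
The matrix maps this sample to two host behaviours: a Run-key autostart (T1547.001) and registry changes that weaken Windows security tooling (T1562.001 / T1112). The script below is an added example, not part of the sandbox report and not derived from the sample's own code: it checks a live host for both. The report does not say which registry values the sample wrote, so the Defender policy values and exclusion keys listed are the commonly abused set, an assumption of the example rather than this sample's specific indicators. Run it from an elevated PowerShell prompt; the HKLM policy keys and the Defender cmdlets need administrator rights.

```powershell
# Added example (not part of the sandbox report): hunt for Run-key autostarts
# (T1547.001) and for registry values that disable or exclude Windows Defender
# features (T1562.001 / T1112). Assumption: the value names below are the
# commonly abused Defender policy values, not ones confirmed for this sample.

# Note properties Get-ItemProperty adds to every result; never real values.
$PsNoteProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Defender policy values where a non-zero DWORD means "feature disabled".
$DefenderDisableValues = @(
    @{ Key   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
       Names = @('DisableAntiSpyware', 'DisableAntiVirus') },
    @{ Key   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
       Names = @('DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
                 'DisableOnAccessProtection', 'DisableIOAVProtection') }
)

# Exclusion keys: each value name is an excluded path/process/extension.
$ExclusionKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths',
    'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes',
    'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths'
)

function Get-RegistryValues([string]$Key) {
    # Value-name/data pairs of a key without the PS* note properties;
    # yields nothing when the key does not exist (absent policy key == no override).
    if (-not (Test-Path -LiteralPath $Key)) { return }
    (Get-ItemProperty -LiteralPath $Key).PSObject.Properties |
        Where-Object { $PsNoteProps -notcontains $_.Name }
}

function Get-RunKeyEntries {
    foreach ($key in $RunKeys) {
        foreach ($v in Get-RegistryValues $key) {
            $cmd = [string]$v.Value
            [pscustomobject]@{
                Key     = $key
                Name    = $v.Name
                Command = $cmd
                # Heuristic, not a verdict: an autostart pointing into a
                # user-writable location is where dropped executables usually live.
                UserWritable = ($cmd -match '(?i)\\(AppData|Temp|Users\\Public|ProgramData)\\')
            }
        }
    }
}

function Get-DefenderTampering {
    foreach ($entry in $DefenderDisableValues) {
        foreach ($v in Get-RegistryValues $entry.Key) {
            if (($entry.Names -contains $v.Name) -and ($v.Value -ne 0)) {
                [pscustomobject]@{ Key = $entry.Key; Name = $v.Name; Data = $v.Value; Finding = 'feature disabled by policy value' }
            }
        }
    }
    # Exclusions are the quieter variant: nothing is switched off, the payload's
    # path, process or extension is simply never scanned.
    foreach ($key in $ExclusionKeys) {
        foreach ($v in Get-RegistryValues $key) {
            [pscustomobject]@{ Key = $key; Name = $v.Name; Data = $v.Value; Finding = 'exclusion present' }
        }
    }
}

"== Run-key autostarts (T1547.001) =="
Get-RunKeyEntries | Format-Table -AutoSize

"== Defender tampering via registry (T1562.001 / T1112) =="
$tamper = @(Get-DefenderTampering)
if ($tamper.Count -eq 0) { "none of the checked values is set" } else { $tamper | Format-Table -AutoSize }

# Cross-check against what the engine itself reports, where the Defender module exists.
try {
    Get-MpComputerStatus | Select-Object AntivirusEnabled, RealTimeProtectionEnabled, IsTamperProtected
} catch {
    Write-Warning "Defender cmdlets unavailable: $($_.Exception.Message)"
}
```

Treat the Run-key output as an inventory to review, not an alert list: legitimate software also autostarts from AppData. The Defender findings are stronger signals, since on a workstation none of those policy values should be set and exclusions should match a known change record. If IsTamperProtected is true, the policy values may be present but ignored by the engine, so check both.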

Tasks