83cc0f059a58a7ba0b85449565a01eac9ee543c8ef42e5a2a99f4ad1e41e510d | Triage

Sharing

General

Target

PhoenixEditor Install.rar
Size

15.4MB
Sample

240425-1h285sfd57
MD5

cea3bec4533a241ca6f5dbe53f7c90e1
SHA1

aa837ed847e5af498eb278103e2ba999eb9b614c
SHA256

83cc0f059a58a7ba0b85449565a01eac9ee543c8ef42e5a2a99f4ad1e41e510d
SHA512

263ce307531be31bd6aa7389589ccbb8adb7110a52d9b66c865c4722f76fed8e7f871c8683a715da49aa4f728326c1e085d722017c214a98344324f0570acc15
SSDEEP

393216:QJD6uwynM/HNOFbg/fGTTgYrEQAcpu9A+5XG4R7X95:Q1nsHNOdCG/gYoNlXRr

Score

7^/10

discovery link pdf

Malware Config

Targets

- Target
  
  PhoenixEditor Install/PhoenixEditor-0.bin
- Size
  
  47KB
- MD5
  
  e4781ddf33cbadfb6cd1dcef56a6df45
- SHA1
  
  1cdb52b1a09c08b77aaa69a23af49877bd7dccee
- SHA256
  
  9c3e819eed218666eb2f52725e6f4168c98c0ae84fd7af1757e5d2556d869090
- SHA512
  
  4efa9c38729c87b0330e1edd0a3978f20826679e880b82bd649c20d6ec8f12c315a7c549f95f42c5fe82a103dc15e544e0f9be22603773c82d104d236cd0f553
- SSDEEP
  
  768:OISk9vG5VXFkPKAA2lX7PubC1QI1+Yg4l2t9D5ufhaFataCeD0jDEVosbl:OISkg5VVkP3XLCI1U59DspCatva0jQVV
Score

3^/10
behavioral1
- Target
  
  PhoenixEditor Install/PhoenixEditor-1.bin
- Size
  
  13.5MB
- MD5
  
  f5522550f260f76e2da15adcdbe225b6
- SHA1
  
  f745e1190a31fe39d515a6c313b9ab31e7499b3f
- SHA256
  
  1e5115a02dac88da3b00d1e474fa4a0a0ac043c29a4e2caf68847af9b6b4cbf7
- SHA512
  
  2bdb6f81c6e15fe255f9be45ce0638f685bf6542fd5d7b13c3337b4908e71984cc480499651d6bc13204dd50000f06b8b7790f2dbf32a0158fc7cdd69d5ecfb2
- SSDEEP
  
  393216:bD6uwynM/HNOFbg/fGTTgYrEQAcpu9A+5XG4z:HnsHNOdCG/gYoNlX/
Score

3^/10
behavioral2
- Target
  
  PhoenixEditor Install/PhoenixEditor.exe
- Size
  
  3.0MB
- MD5
  
  cb29b76b869b140eeaa8fbbf985f8edf
- SHA1
  
  9aa79a693b59e7c96f4b51ac30128c3ade8da42a
- SHA256
  
  ecec7315fdb370105f9fff3915191ab65d0ae7d038756593256d696b9aad5347
- SHA512
  
  a662144a18c823e0bf951f9f510fb31dc46250d1911348190761997b2b5c6bf08513ccbd2388d5b6ac9182eb9a989735cb3a03c8f5715dde6be538076b9dcc63
- SSDEEP
  
  49152:jWGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTb7333Kq:dtLutqgwh4NYxtJpkxhGs333X
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3