Overview

overview

10

Static

static

10

Phoenix/Anarchy.dll

windows7-x64

1

Phoenix/Anarchy.dll

windows10-2004-x64

1

Phoenix/Di...PC.dll

windows7-x64

1

Phoenix/Di...PC.dll

windows10-2004-x64

1

Phoenix/Guna.UI2.dll

windows7-x64

1

Phoenix/Guna.UI2.dll

windows10-2004-x64

1

Phoenix/Ne...on.dll

windows7-x64

1

Phoenix/Ne...on.dll

windows10-2004-x64

1

Phoenix/Phoenix.exe

windows7-x64

10

Phoenix/Phoenix.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    130s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27-04-2024 13:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Phoenix/Phoenix.exe

  • Size

    5.6MB

  • MD5

    1e09922d9ebca4374a64998bc0949bde

  • SHA1

    474e620e852339cf01c44721d6f8663144d4ebd1

  • SHA256

    539635d689f2d880bf0e29b6fbc95fa7df68d7d818e0096fba7a8700846a4dc3

  • SHA512

    07f63b8bf6e2b4781d859e7a3dc6d85209709ad32c74d68789a435972200c78404d5fdfbc23cd4cb9783d2bacb707b88ef88aed38f0a7a9faf56b2b3ccd6b748

  • SSDEEP

    98304:iDVt2sjC7YM1eqh85elVOlVdsOdlVdsO3BbBWIgWljGxRB/LL8pVds+:7siYM0qh85eli4xRBj

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • AgentTesla payload 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Phoenix\Phoenix.exe
    "C:\Users\Admin\AppData\Local\Temp\Phoenix\Phoenix.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2992
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2992 -s 1356
      2⤵
        PID:2592

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2992-1-0x000007FEF5A70000-0x000007FEF645C000-memory.dmp
      Filesize

      9.9MB

      Download
    • memory/2992-0-0x0000000000CF0000-0x000000000167C000-memory.dmp
      Filesize

      9.5MB

      Download
    • memory/2992-2-0x00000000003C0000-0x00000000003C1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2992-3-0x0000000000450000-0x00000000004FE000-memory.dmp
      Filesize

      696KB

      Download
    • memory/2992-4-0x000000001C440000-0x000000001C652000-memory.dmp
      Filesize

      2.1MB

      Download
    • memory/2992-5-0x00000000003D0000-0x00000000003EA000-memory.dmp
      Filesize

      104KB

      Download
    • memory/2992-6-0x0000000000C20000-0x0000000000CD2000-memory.dmp
      Filesize

      712KB

      Download
    • memory/2992-7-0x000000001BDE0000-0x000000001BE60000-memory.dmp
      Filesize

      512KB

      Download
    • memory/2992-8-0x000000001BDE0000-0x000000001BE60000-memory.dmp
      Filesize

      512KB

      Download
    • memory/2992-9-0x000000001BDE0000-0x000000001BE60000-memory.dmp
      Filesize

      512KB

      Download
    • memory/2992-10-0x000007FEF5A70000-0x000007FEF645C000-memory.dmp
      Filesize

      9.9MB

      Download
    • memory/2992-11-0x000000001BDE0000-0x000000001BE60000-memory.dmp
      Filesize

      512KB

      Download
    • memory/2992-12-0x000000001BDE0000-0x000000001BE60000-memory.dmp
      Filesize

      512KB

      Download
    • memory/2992-13-0x000000001BDE0000-0x000000001BE60000-memory.dmp
      Filesize

      512KB

      Download
    • memory/2992-14-0x000007FEF5A70000-0x000007FEF645C000-memory.dmp
      Filesize

      9.9MB

      Download