phoenix | 430b70e01fbcbd7a9bc603e708d94c45dbff0ffbe7d49fe77fc7e27651d788e3 | Triage

Submit
Reports

Overview

overview

Static

static

5

19985d9cf3...18.exe

windows7-x64

19985d9cf3...18.exe

windows10-2004-x64

Sharing

General

Target

19985d9cf3390bfd2b4365a4c2626498_JaffaCakes118
Size

1.4MB
Sample

240505-2zv2tsgg91
MD5

19985d9cf3390bfd2b4365a4c2626498
SHA1

91c3f560a072a648d30d1fbcddc41f0c55379bbb
SHA256

430b70e01fbcbd7a9bc603e708d94c45dbff0ffbe7d49fe77fc7e27651d788e3
SHA512

871d9577cc1b16e8ba70c8ad796cac075061390c4760aff7ea6b09b034e3bf66cba757c54f6bc01fbe41d0d06a0ae636c376c25e731531490485af588348fadf
SSDEEP

24576:Su6Jx3O0c+JY5UZ+XC0kGso/Wa3319WhXAn4qAVAddJg4O15iPk3VWY:UI0c++OCvkGsUWaSwJAVkbA56kwY

Score

10^/10

phoenix collection keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

19985d9cf3390bfd2b4365a4c2626498_JaffaCakes118.exe

Resource

win7-20240215-en

phoenix collection keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

19985d9cf3390bfd2b4365a4c2626498_JaffaCakes118.exe

Resource

win10v2004-20240419-en

phoenix collection keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
silverlinehospital.in
Port:
587
Username:
[email protected]
Password:
Bukky101@

Targets

- Target
  
  19985d9cf3390bfd2b4365a4c2626498_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  19985d9cf3390bfd2b4365a4c2626498
- SHA1
  
  91c3f560a072a648d30d1fbcddc41f0c55379bbb
- SHA256
  
  430b70e01fbcbd7a9bc603e708d94c45dbff0ffbe7d49fe77fc7e27651d788e3
- SHA512
  
  871d9577cc1b16e8ba70c8ad796cac075061390c4760aff7ea6b09b034e3bf66cba757c54f6bc01fbe41d0d06a0ae636c376c25e731531490485af588348fadf
- SSDEEP
  
  24576:Su6Jx3O0c+JY5UZ+XC0kGso/Wa3319WhXAn4qAVAddJg4O15iPk3VWY:UI0c++OCvkGsUWaSwJAVkbA56kwY
Score

10^/10

phoenix collection keylogger stealer
- Phoenix Keylogger
  Phoenix is a keylogger and info stealer first seen in July 2019.
  stealer keylogger phoenix
- Phoenix Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phoenixcollectionkeyloggerstealer

behavioral2

phoenixcollectionkeyloggerstealer

© 2018-2024

Terms | Privacy