Overview

overview

10

Static

static

3

2dd02ccf7a...18.exe

windows7-x64

10

2dd02ccf7a...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2dd02ccf7a6df802b1324389ea4906e5_JaffaCakes118

  • Size

    320KB

  • Sample

    240510-hbrjysga8y

  • MD5

    2dd02ccf7a6df802b1324389ea4906e5

  • SHA1

    3a0c5200f2141fabde18ee56b5a86b23fd5399a9

  • SHA256

    d29deb9d361f4cae9aed1fd87448ed683cc3418defa20bc84946581bb02ef309

  • SHA512

    295b56536cf8aef5d1025c79886d17b1bdbb4211acb26acaa919921f68ee5ab4abfe228ba97f98186df09f02083c41ea306b56b06f4e85d292627962ec254a26

  • SSDEEP

    6144:g4KsCYthSgTwEXat/el4l00CTR4HjvmwOM1:g4tCYHqEXY/e3VQx1

Score
10/10
phorphiexevasionloaderpersistencetrojanworm

Malware Config

Extracted

Family

phorphiex

C2

http://193.32.161.73/

http://gosurrhrguhr.cc/

http://goheufuhufdr.cc/

http://olruheuuruur.cc/

http://buaeabguguur.cc/

http://ebgiaueghuur.cc/

http://bfbaiefiheir.cc/

http://eeeieiieirdr.cc/

http://abfeiagihisr.cc/

http://nkoaefuhfuhr.cc/

http://ezaziiezfzgr.cc/

http://egaueuefuhgr.cc/

http://aoufauhuefur.cc/

http://aieiiieitter.cc/

http://miokpkaeofkr.cc/

http://rzauerzueutr.cc/

http://gosurrhrguho.co/

http://goheufuhufdo.co/

http://olruheuuruuo.co/

http://buaeabguguuo.co/
Wallets

1L6sJ7pmk6EGMUoTmpdbLez9dXACcirRHh

qzgdgnfd805z83wpu04rhld0yqs4dlrd35ll0ltqql

Xt8ZtCcG9BFoc7NfUNBVnxcTvYT4mmzh5i

D7otx94yAiXMUuuff23v8PAYH5XpkdQ89M

0xa5228127395263575a4b4f532e4f132b14599d24

LUMrZN6GTetcrXtzMmRayLpRN9JrCNcTe7

t1PVHo3JR9ZAxMxRXgTziGBeDwfb5Gwm64z

Targets

    • Target

      2dd02ccf7a6df802b1324389ea4906e5_JaffaCakes118

    • Size

      320KB

    • MD5

      2dd02ccf7a6df802b1324389ea4906e5

    • SHA1

      3a0c5200f2141fabde18ee56b5a86b23fd5399a9

    • SHA256

      d29deb9d361f4cae9aed1fd87448ed683cc3418defa20bc84946581bb02ef309

    • SHA512

      295b56536cf8aef5d1025c79886d17b1bdbb4211acb26acaa919921f68ee5ab4abfe228ba97f98186df09f02083c41ea306b56b06f4e85d292627962ec254a26

    • SSDEEP

      6144:g4KsCYthSgTwEXat/el4l00CTR4HjvmwOM1:g4tCYHqEXY/e3VQx1

    Score
    10/10
    phorphiexevasionloaderpersistencetrojanworm

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Phorphiex

      Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

      wormtrojanloaderphorphiex

    • Phorphiex payload

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

4
T1112

Impair Defenses

3
T1562

Disable or Modify Tools

3
T1562.001

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks