General

  • Target

    2dd02ccf7a6df802b1324389ea4906e5_JaffaCakes118

  • Size

    320KB

  • Sample

    240510-hbrjysga8y

  • MD5

    2dd02ccf7a6df802b1324389ea4906e5

  • SHA1

    3a0c5200f2141fabde18ee56b5a86b23fd5399a9

  • SHA256

    d29deb9d361f4cae9aed1fd87448ed683cc3418defa20bc84946581bb02ef309

  • SHA512

    295b56536cf8aef5d1025c79886d17b1bdbb4211acb26acaa919921f68ee5ab4abfe228ba97f98186df09f02083c41ea306b56b06f4e85d292627962ec254a26

  • SSDEEP

    6144:g4KsCYthSgTwEXat/el4l00CTR4HjvmwOM1:g4tCYHqEXY/e3VQx1

Malware Config

Extracted

Family

phorphiex

C2

http://193.32.161.73/

http://gosurrhrguhr.cc/

http://goheufuhufdr.cc/

http://olruheuuruur.cc/

http://buaeabguguur.cc/

http://ebgiaueghuur.cc/

http://bfbaiefiheir.cc/

http://eeeieiieirdr.cc/

http://abfeiagihisr.cc/

http://nkoaefuhfuhr.cc/

http://ezaziiezfzgr.cc/

http://egaueuefuhgr.cc/

http://aoufauhuefur.cc/

http://aieiiieitter.cc/

http://miokpkaeofkr.cc/

http://rzauerzueutr.cc/

http://gosurrhrguho.co/

http://goheufuhufdo.co/

http://olruheuuruuo.co/

http://buaeabguguuo.co/

Wallets

1L6sJ7pmk6EGMUoTmpdbLez9dXACcirRHh

qzgdgnfd805z83wpu04rhld0yqs4dlrd35ll0ltqql

Xt8ZtCcG9BFoc7NfUNBVnxcTvYT4mmzh5i

D7otx94yAiXMUuuff23v8PAYH5XpkdQ89M

0xa5228127395263575a4b4f532e4f132b14599d24

LUMrZN6GTetcrXtzMmRayLpRN9JrCNcTe7

t1PVHo3JR9ZAxMxRXgTziGBeDwfb5Gwm64z

Targets

    • Target

      2dd02ccf7a6df802b1324389ea4906e5_JaffaCakes118

    • Size

      320KB

    • MD5

      2dd02ccf7a6df802b1324389ea4906e5

    • SHA1

      3a0c5200f2141fabde18ee56b5a86b23fd5399a9

    • SHA256

      d29deb9d361f4cae9aed1fd87448ed683cc3418defa20bc84946581bb02ef309

    • SHA512

      295b56536cf8aef5d1025c79886d17b1bdbb4211acb26acaa919921f68ee5ab4abfe228ba97f98186df09f02083c41ea306b56b06f4e85d292627962ec254a26

    • SSDEEP

      6144:g4KsCYthSgTwEXat/el4l00CTR4HjvmwOM1:g4tCYHqEXY/e3VQx1

    • Modifies Windows Defender Real-time Protection settings

    • Phorphiex

      Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

    • Phorphiex payload

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks