General
-
Target
749ca850ede36a942a2ff2984313299f_JaffaCakes118
-
Size
454KB
-
Sample
240526-hcmbmaaa7t
-
MD5
749ca850ede36a942a2ff2984313299f
-
SHA1
b1d42108b09427c61e846b8f4f819cfe78f922a6
-
SHA256
1a7d054abcd9570fa89ab81ed211b37bc59b513a13d5f8db900392a988e5043b
-
SHA512
5092010bf481b619d53ee20d4be12f5383429aeaec6e8991eb6ccaecdbb25bdf7d729d044d4d39227888230689877829dd8406c4c8f5154fdac7bd48f78063ea
-
SSDEEP
6144:2W7UQ+lpxgdm6zNc2aDiUkMwxxnwy29CNbc0kPF7c5RZs:Ygdm6zNfFxxnwdv4Zs
Malware Config
Extracted
phorphiex
http://185.176.27.132/
http://urusurofhsorhfuuhr.su/
http://aeifaeifhutuhuhusr.su/
http://rzhsudhugugfugugsr.su/
http://bfagzzezgaegzgfair.su/
http://eaeuafhuaegfugeudr.su/
http://aeufuaehfiuehfuhfr.su/
http://daedagheauehfuuhfr.su/
http://aeoughaoheguaoehdr.su/
http://eguaheoghouughahsr.su/
http://huaeokaefoaeguaehr.su/
http://afaeigaifgsgrhhafr.su/
http://afaigaeigieufuifir.su/
http://geauhouefheuutiiir.su/
http://gaoheeuofhefefhutr.su/
http://gaouehaehfoaeajrsr.su/
http://gaohrhurhuhruhfsdr.su/
http://gaghpaheiafhjefijr.su/
http://gaoehuoaoefhuhfugr.su/
http://aegohaohuoruitiier.su/
13cQ2H6oszrEnvw1ZGdsPix9gUayB8tzNa
qr5pm4d27z250wpz4sfy08ytghxn56kryvsw5tdw99
XfrM8P9YWSg8mQTxSCCxyHUeQjMEGx8vnE
DSG5PddW9wu1eKdLcx4f3KBF4wUvaBFaGc
0x373b9854c9e4511b920372f5495640cdc25d6832
LSermtCTLWeS683x17AtYuhNT8MpMmVmi8
t1XgRHyGj6YDNqkS5EWwdcXG1rjQPFFdUsR
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0
Targets
-
-
Target
749ca850ede36a942a2ff2984313299f_JaffaCakes118
-
Size
454KB
-
MD5
749ca850ede36a942a2ff2984313299f
-
SHA1
b1d42108b09427c61e846b8f4f819cfe78f922a6
-
SHA256
1a7d054abcd9570fa89ab81ed211b37bc59b513a13d5f8db900392a988e5043b
-
SHA512
5092010bf481b619d53ee20d4be12f5383429aeaec6e8991eb6ccaecdbb25bdf7d729d044d4d39227888230689877829dd8406c4c8f5154fdac7bd48f78063ea
-
SSDEEP
6144:2W7UQ+lpxgdm6zNc2aDiUkMwxxnwy29CNbc0kPF7c5RZs:Ygdm6zNfFxxnwdv4Zs
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Phorphiex payload
-
Phorphiex, Phorpiex
Phorphiex or Phorpiex Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1