Overview

overview

10

Static

static

3

pei.exe

windows10-2004-x64

10

pei.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    pei.exe

  • Size

    9KB

  • Sample

    240531-ak1j8aff8t

  • MD5

    62b97cf4c0abafeda36e3fc101a5a022

  • SHA1

    328fae9acff3f17df6e9dc8d6ef1cec679d4eb2b

  • SHA256

    e172537adcee1fcdc8f16c23e43a5ac82c56a0347fa0197c08be979438a534ab

  • SHA512

    32bd7062aabd25205471cec8d292b820fc2fd2479da6fb723332887fc47036570bb2d25829acb7c883ccaaab272828c8effbc78f02a3deeabb47656f4b64eb24

  • SSDEEP

    96:zM2BLwN8GXhc1I+a8gnYFdj9DSYp+BYA8v7cVO15uJxGE9YUBz2qh3C7tCE4ecp:AIwNfC1TUYv9p+OF8JxTmUBzthcqp

Score
10/10
phorphiexevasionloaderpersistencetrojanworm

Malware Config

Extracted

Family

phorphiex

C2

http://185.215.113.66/

http://5.42.96.117/

http://91.202.233.141/
Wallets

0xCa90599132C4D88907Bd8E046540284aa468a035

TRuGGXNDM1cavQ1AqMQHG8yfxP4QWVSMN6

qph44jx8r9k5xeq5cuf958krv3ewrnp5vc6hhdjd3r

XryzFMFVpDUvU7famUGf214EXD3xNUSmQf

LLeT2zkStY3cvxMBFhoWXkG5VuZPoezduv

rwc4LVd9ABpULQ1CuCpDkgX2xVB1fUijyb

48jYpFT6bT8MTeph7VsyzCQeDsGHqdQNc2kUkRFJPzfRHHjarBvBtudPUtParMkDzZbYBrd3yntWBQcsnVBNeeMbN9EXifg

15TssKwtjMtwy4vDLcLsQUZUD2B9f7eDjw85sBNVC5LRPPnC

17hgMFyLDwMjxWqw5GhijhnPdJDyFDqecY

ltc1qt0n3f0t7vz9k0mvcswk477shrxwjhf9sj5ykrp

3PMiLynrGVZ8oEqvoqC4hXD67B1WoALR4pc

3FerB8kUraAVGCVCNkgv57zTBjUGjAUkU3

DLUzwvyxN1RrwjByUPPzVMdfxNRPGVRMMA

t1J6GCPCiHW1eRdjJgDDu6b1vSVmL5U7Twh

stars125f3mw4xd9htpsq4zj5w5ezm5gags37yxxh6mj

bnb1epx67ne4vckqmaj4gwke8m322f4yjr6eh52wqw

bc1qmpkehfffkr6phuklsksnd7nhgx0369sxu772m3

bitcoincash:qph44jx8r9k5xeq5cuf958krv3ewrnp5vc6hhdjd3r

GBQJMXYXPRIWFMXIFJR35ZB7LRKMB4PHCIUAUFR3TKUL6RDBZVLZEUJ3
Attributes
  • mutex

    plo7udsa2s

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Targets

    • Target

      pei.exe

    • Size

      9KB

    • MD5

      62b97cf4c0abafeda36e3fc101a5a022

    • SHA1

      328fae9acff3f17df6e9dc8d6ef1cec679d4eb2b

    • SHA256

      e172537adcee1fcdc8f16c23e43a5ac82c56a0347fa0197c08be979438a534ab

    • SHA512

      32bd7062aabd25205471cec8d292b820fc2fd2479da6fb723332887fc47036570bb2d25829acb7c883ccaaab272828c8effbc78f02a3deeabb47656f4b64eb24

    • SSDEEP

      96:zM2BLwN8GXhc1I+a8gnYFdj9DSYp+BYA8v7cVO15uJxGE9YUBz2qh3C7tCE4ecp:AIwNfC1TUYv9p+OF8JxTmUBzthcqp

    Score
    10/10
    phorphiexevasionloaderpersistencetrojanworm

    • Modifies security service

      evasion

    • Phorphiex payload

    • Phorphiex, Phorpiex

      Phorphiex or Phorpiex Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

      wormtrojanloaderphorphiex

    • Windows security bypass

      evasiontrojan

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks