phoenix | ad1a6487ec0d6e97c223d55cdb6cf93f08897afce06034fd5699ba1479e8035c | Triage

Submit
Reports

Overview

overview

Static

static

7

87d809248b...18.exe

windows7-x64

87d809248b...18.exe

windows10-2004-x64

Sharing

General

Target

87d809248be96a7d3c0c4e689d22c6d7_JaffaCakes118
Size

638KB
Sample

240531-wkxdfsgg22
MD5

87d809248be96a7d3c0c4e689d22c6d7
SHA1

5b3232dc4fd5fa2847c9017821600bea3683dde8
SHA256

ad1a6487ec0d6e97c223d55cdb6cf93f08897afce06034fd5699ba1479e8035c
SHA512

d30a3190c828c1a75d4622ec6026962d99ffaa8ee0c58d5665f2accd7ef8673c75926c0cfe0c48c3eaf39ca8ef076636bdf7ca3b19dbad92fc3240d30d168872
SSDEEP

12288:dquEdbHF6xC9D6DmR1J98w4oknqOOCyQfZku2ggI3ZiK4Tl7f:Adbl6kD68JmlotQf8NI3Zm7f

Score

10^/10

phoenix collection keylogger stealer upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

87d809248be96a7d3c0c4e689d22c6d7_JaffaCakes118.exe

Resource

win7-20240215-en

phoenix collection keylogger stealer upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

87d809248be96a7d3c0c4e689d22c6d7_JaffaCakes118.exe

Resource

win10v2004-20240508-en

phoenix collection keylogger stealer upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
silverlinehospital.in
Port:
587
Username:
[email protected]
Password:
Bukky101@

Targets

- Target
  
  87d809248be96a7d3c0c4e689d22c6d7_JaffaCakes118
- Size
  
  638KB
- MD5
  
  87d809248be96a7d3c0c4e689d22c6d7
- SHA1
  
  5b3232dc4fd5fa2847c9017821600bea3683dde8
- SHA256
  
  ad1a6487ec0d6e97c223d55cdb6cf93f08897afce06034fd5699ba1479e8035c
- SHA512
  
  d30a3190c828c1a75d4622ec6026962d99ffaa8ee0c58d5665f2accd7ef8673c75926c0cfe0c48c3eaf39ca8ef076636bdf7ca3b19dbad92fc3240d30d168872
- SSDEEP
  
  12288:dquEdbHF6xC9D6DmR1J98w4oknqOOCyQfZku2ggI3ZiK4Tl7f:Adbl6kD68JmlotQf8NI3Zm7f
Score

10^/10

phoenix collection keylogger stealer upx
- Phoenix Keylogger
  Phoenix is a keylogger and info stealer first seen in July 2019.
  stealer keylogger phoenix
- Phoenix Keylogger payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phoenixcollectionkeyloggerstealerupx

behavioral2

phoenixcollectionkeyloggerstealerupx

© 2018-2024

Terms | Privacy