phoenix | f0269becabc7ac8356de24d36a9fe0b03e708da26d5062bf94b8ab8073462702 | Triage

Submit
Reports

Overview

overview

Static

static

5

8dbc0ee673...18.exe

windows7-x64

8dbc0ee673...18.exe

windows10-2004-x64

Sharing

General

Target

8dbc0ee673c657836ef7545b21279bb7_JaffaCakes118
Size

1.1MB
Sample

240602-mbz9baah64
MD5

8dbc0ee673c657836ef7545b21279bb7
SHA1

c028e8800b860b8b55eaef741dbfad7f75a1faff
SHA256

f0269becabc7ac8356de24d36a9fe0b03e708da26d5062bf94b8ab8073462702
SHA512

f3b3d0b11fdcd528e1b6c4a701cb9c444823c687e487fd5740b997a8ab0bc50a9e38122f9300ad2ac2850fcbbe9c9785abd48e75d8900f873955201967e79324
SSDEEP

24576:Eyu6Jx3O0c+JY5UZ+XC0kGso/WaZjIF8SyWY:E0I0c++OCvkGsUWaZGY

Score

10^/10

phoenix collection keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8dbc0ee673c657836ef7545b21279bb7_JaffaCakes118.exe

Resource

win7-20240508-en

phoenix collection keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

8dbc0ee673c657836ef7545b21279bb7_JaffaCakes118.exe

Resource

win10v2004-20240426-en

phoenix collection keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  8dbc0ee673c657836ef7545b21279bb7_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  8dbc0ee673c657836ef7545b21279bb7
- SHA1
  
  c028e8800b860b8b55eaef741dbfad7f75a1faff
- SHA256
  
  f0269becabc7ac8356de24d36a9fe0b03e708da26d5062bf94b8ab8073462702
- SHA512
  
  f3b3d0b11fdcd528e1b6c4a701cb9c444823c687e487fd5740b997a8ab0bc50a9e38122f9300ad2ac2850fcbbe9c9785abd48e75d8900f873955201967e79324
- SSDEEP
  
  24576:Eyu6Jx3O0c+JY5UZ+XC0kGso/WaZjIF8SyWY:E0I0c++OCvkGsUWaZGY
Score

10^/10

phoenix collection keylogger stealer
- Phoenix Keylogger
  Phoenix is a keylogger and info stealer first seen in July 2019.
  stealer keylogger phoenix
- Phoenix Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phoenixcollectionkeyloggerstealer

behavioral2

phoenixcollectionkeyloggerstealer

© 2018-2024

Terms | Privacy