phoenix | a9379eb4a91d9f04a767d45d65435df1dd021c17ea802c69de3b3509b93a22f3 | Triage

Submit
Reports

Overview

overview

Static

static

5

9955face11...18.exe

windows7-x64

9955face11...18.exe

windows10-2004-x64

Sharing

General

Target

9955face1106764a92d02dcbd4d0417b_JaffaCakes118
Size

1.1MB
Sample

240605-1q4f6sab9t
MD5

9955face1106764a92d02dcbd4d0417b
SHA1

a19dfeb661ccdc34c248ce8698bd84eedf6aaa47
SHA256

a9379eb4a91d9f04a767d45d65435df1dd021c17ea802c69de3b3509b93a22f3
SHA512

078dd148e82b8251007273fcf42d07dca99954a0d8c44098e99f25ef042bf8014ead059db5f4595b22ae0b72f3c5ac7b77d24c54a7d8fec21159ac770c547e9d
SSDEEP

24576:Tu6Jx3O0c+JY5UZ+XC0kGso/WaY7pLCKPTUWY:9I0c++OCvkGsUWaYhY

Score

10^/10

phoenix collection keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

9955face1106764a92d02dcbd4d0417b_JaffaCakes118.exe

Resource

win7-20240220-en

phoenix collection keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

9955face1106764a92d02dcbd4d0417b_JaffaCakes118.exe

Resource

win10v2004-20240426-en

phoenix collection keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
silverlinehospital.in
Port:
587
Username:
[email protected]
Password:
Bukky101@

Targets

- Target
  
  9955face1106764a92d02dcbd4d0417b_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  9955face1106764a92d02dcbd4d0417b
- SHA1
  
  a19dfeb661ccdc34c248ce8698bd84eedf6aaa47
- SHA256
  
  a9379eb4a91d9f04a767d45d65435df1dd021c17ea802c69de3b3509b93a22f3
- SHA512
  
  078dd148e82b8251007273fcf42d07dca99954a0d8c44098e99f25ef042bf8014ead059db5f4595b22ae0b72f3c5ac7b77d24c54a7d8fec21159ac770c547e9d
- SSDEEP
  
  24576:Tu6Jx3O0c+JY5UZ+XC0kGso/WaY7pLCKPTUWY:9I0c++OCvkGsUWaYhY
Score

10^/10

phoenix collection keylogger stealer
- Phoenix Keylogger
  Phoenix is a keylogger and info stealer first seen in July 2019.
  stealer keylogger phoenix
- Phoenix Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phoenixcollectionkeyloggerstealer

behavioral2

phoenixcollectionkeyloggerstealer

© 2018-2024

Terms | Privacy