Overview

overview

7

Static

static

7

Phoenix v1.4.exe

windows7-x64

7

Phoenix v1.4.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    Phoenix v1.4.exe

  • Size

    6.1MB

  • Sample

    240614-qz4heswhkj

  • MD5

    77e12ffe45744e1b737c1b37112fd034

  • SHA1

    69dd3bc2e3d87bb691df333ae42273a1f7b5e143

  • SHA256

    b066806fa69f212b043909ec55f01dbb2060296f1629a92a5c33be74751427a0

  • SHA512

    6e15e494eb95da98e0cbfdca6057e2cb61767f5bd8d972d7bba87c08a0dc61fbc4b9f4b4f47b72e78b71d3347601e1191e5f07d589a70bcd08ba70171fc579d5

  • SSDEEP

    98304:aMLR1hBqbYl50ZGtvdjcnjtm0QhXmXoPKnXonPKpXe4vxOXeXpnUzf:aMFwYjntRYPOFPKwS1eMOXe5Uzf

Score
7/10
vmprotect

Malware Config

Targets

    • Target

      Phoenix v1.4.exe

    • Size

      6.1MB

    • MD5

      77e12ffe45744e1b737c1b37112fd034

    • SHA1

      69dd3bc2e3d87bb691df333ae42273a1f7b5e143

    • SHA256

      b066806fa69f212b043909ec55f01dbb2060296f1629a92a5c33be74751427a0

    • SHA512

      6e15e494eb95da98e0cbfdca6057e2cb61767f5bd8d972d7bba87c08a0dc61fbc4b9f4b4f47b72e78b71d3347601e1191e5f07d589a70bcd08ba70171fc579d5

    • SSDEEP

      98304:aMLR1hBqbYl50ZGtvdjcnjtm0QhXmXoPKnXonPKpXe4vxOXeXpnUzf:aMFwYjntRYPOFPKwS1eMOXe5Uzf

    Score
    7/10
    vmprotect

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks