ff364df884836cc6fadce664cc3a45ac1e7c4882e4a6789a6a772d0d6bd53c68

Sharing

Copy URL

Twitter E-mail

General

Target

PHOENIX.rar
Size

10.0MB
Sample

240617-qvwl1sxckn
MD5

c2f1ade83fdf3d2396de7bc2454f59bf
SHA1

e487c2fada80dc934439629ceaf24a9d8c64c78f
SHA256

ff364df884836cc6fadce664cc3a45ac1e7c4882e4a6789a6a772d0d6bd53c68
SHA512

0f033458f1fda7cb43249897e77fda937bdf3f095d0ecc01c4879d7eb40bc54ccfeb5ed1ab92ad3d2fa32eeeea08312f6a8362647d6bb628f4c4814272ade0df
SSDEEP

196608:cwU3azC4l7k78GafKUHwI2jj2MoHslDpswBnDF:iKe4l7qUVoS5M3RZ

Score

7^/10

Malware Config

Targets

- Target
  
  PHOENIX.rar
- Size
  
  10.0MB
- MD5
  
  c2f1ade83fdf3d2396de7bc2454f59bf
- SHA1
  
  e487c2fada80dc934439629ceaf24a9d8c64c78f
- SHA256
  
  ff364df884836cc6fadce664cc3a45ac1e7c4882e4a6789a6a772d0d6bd53c68
- SHA512
  
  0f033458f1fda7cb43249897e77fda937bdf3f095d0ecc01c4879d7eb40bc54ccfeb5ed1ab92ad3d2fa32eeeea08312f6a8362647d6bb628f4c4814272ade0df
- SSDEEP
  
  196608:cwU3azC4l7k78GafKUHwI2jj2MoHslDpswBnDF:iKe4l7qUVoS5M3RZ
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  Phoenix/Phoenix.exe
- Size
  
  5.7MB
- MD5
  
  fdb7a79ca7c4c3436b51c0ddfc0986d3
- SHA1
  
  c6adf91c85010ecd7779c6ad17ac55065aca1522
- SHA256
  
  6a1b7ee6b1e4dcf94619a97e5d28ea07b544183d3a155d8e9ce5b20aa23c1988
- SHA512
  
  e7993527a619aa5a861161dd3be906c54afcdbae2514655ce6cacbf5fe1341106a9560cd800aa8aa0cfaa64a7becebb066fa2e71dd0f80ea18318da90dd8f3de
- SSDEEP
  
  98304:HG51NmHOrGzRNBN8XbqRlZ6QRkVRKroAzIgy7wEWPKbwQ+O55XphHBGzsUUC:wYzfoLqaVRsoAzIaPPkbXpJB/UU
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4
- Target
  
  Phoenix/extatent.dll
- Size
  
  50KB
- MD5
  
  4e6b9cd76713ec5af29998eb790a3e5a
- SHA1
  
  66b246f6df2c83dff2dc702602eeeb24ac300582
- SHA256
  
  44f76629435b429bba3cc08fca63a8f6a8e460268a0792a9e76cda3162655b95
- SHA512
  
  b8b28d69493305e899f017e5c7203ef31f188e520dae3e56bc008b8f34fdc20759333f1ac0bf81ab5191492ccf27f19df6970d600be2906f96e263f74db5cf92
- SSDEEP
  
  768:e4gOx89NGERw2A11HI+bFK603JLw8MdErPPPwZVTkeJbT1ehphQ:eDGB2KHIwoKyPPyqeJl+phQ
Score

1^/10
behavioral5 behavioral6
- Target
  
  Phoenix/names.txt
- Size
  
  83B
- MD5
  
  3d30567bbee10a7802d0b042bbf94a49
- SHA1
  
  dadd723ca9e97830bdac4657f7828c31cd3585f6
- SHA256
  
  5c83f6c9b64060fb0d265ce88d16dffbef1f63c1916baaa6d582a502fede2f61
- SHA512
  
  feb17da0e16553cd038c2226860ca1bba3e3fc3df395e0d09cb9bcf7b6784fb7d65f3b84d38d1c04120b820e8a0b1d80e30871a5137598b6219cfe6ab2b4d071
Score

1^/10
behavioral7 behavioral8
- Target
  
  Phoenix/selenium-manager/linux/selenium-manager
- Size
  
  4.3MB
- MD5
  
  6a956ddd8f1e71ca2707aedb59a7f779
- SHA1
  
  d12c5efd25bb9b0b77054f4a83a38504094f240d
- SHA256
  
  b7c8968038e9112e6cb549a0b58172ab53658262946835ff39c041ec44c871b8
- SHA512
  
  186c91a19b4f1f2ff9bc14b144ca109ef6599a21d126472c90e2022ed26b20cf878ecd9758a069b0c4ba768cc3621150269f861810b8284e146405bc227b8e63
- SSDEEP
  
  49152:d/M6p1KU1mIU6ifVovQfFAtDa6E4alFSmcrTKbalFMeDYieEhEQ/Lic1XgAcTaMK:tR1Kq+yhukbLN
Score

1^/10
behavioral9
- Target
  
  Phoenix/selenium-manager/macos/selenium-manager
- Size
  
  3.6MB
- MD5
  
  4e3e74d882f2a2ef2f983f65077d7b10
- SHA1
  
  112bd6ffdc55f8ec2d0bbaaac2b72edf679e6e3d
- SHA256
  
  81a2056f4616f8ba3ef50c3a81db3f4963565cac1da46f57688fe455ac73763c
- SHA512
  
  d51f7cf7e11a7c199d28a0fe8f9020a1113e5aac8625392a9a8ba07c7d3328decd7ace47c26fba1e9b64f17a1c119770df63c3fd31d31a8d64081ec5d7a80003
- SSDEEP
  
  49152:x/MxNkflKGKhmGV7ALIut7Fulx/DyWwNOlvMqVBBhxtEDu7bQzVktjsNaOaIVqE7:mO/GVlx/rx70zV+sw1Ew62+tl5LHTd
Score

1^/10
behavioral10
- Target
  
  Phoenix/selenium-manager/windows/selenium-manager.exe
- Size
  
  3.0MB
- MD5
  
  b97e5ecdfd825a3a31183927e23e0199
- SHA1
  
  ab3d793868cc689699ce35d27e53cd0b8db76fcf
- SHA256
  
  c99709759258ae4a7174e23d395801f1e709f743d12ffe3e00bc638ae59fadfb
- SHA512
  
  61a8e401013d3fb04be465bab2eeb943585e11ae7249b5cfd16fcd1fdc12a433151c1e701a202c6b9a5ccbb4254d6b60b91da787e9666028c7190a2d6ced64f2
- SSDEEP
  
  49152:GgD4UMNOYj788gbCe85TGHwHG9Xg2s1+2IU6iYuCoh0ueLi:G396Cfp4Xg2t+FC
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12