phorphiex | 7cfa6bc35fde4c3d6994f56560dc7e9149d1a213351888d89d722e16d7b3e393 | Triage

Submit
Reports

Overview

overview

Static

static

1bdbf56cc8...0N.exe

windows7-x64

1bdbf56cc8...0N.exe

windows10-2004-x64

Sharing

General

Target

1bdbf56cc827f362a689eced94a4ee30N.exe
Size

289KB
Sample

240727-3xeshayenf
MD5

1bdbf56cc827f362a689eced94a4ee30
SHA1

609e8b54a528f61804cd0aa13c3a2aaca17e71f7
SHA256

7cfa6bc35fde4c3d6994f56560dc7e9149d1a213351888d89d722e16d7b3e393
SHA512

06dc0f12d77f2a4e0b3da591d08c5367b236082d11447ab6a32a01a30d423372be50adb6a4bfbff72f5b051c67b178450f89cbfb6450685f066dbc081a589da7
SSDEEP

3072:KwYVpJP8Dzh115F/4aS8iV4nU2Iyg/WXnG840r9pwwdgTP94fYP:ZYVDP85pF//SvDGHXG8G

Score

10^/10

phorphiex ramnit banker discovery evasion loader persistence spyware stealer trojan upx worm

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

1bdbf56cc827f362a689eced94a4ee30N.exe

Resource

win7-20240708-en

phorphiex ramnit banker discovery evasion loader persistence spyware stealer trojan upx worm

windows7-x64

17 signatures

120 seconds

Behavioral task

behavioral2

Sample

1bdbf56cc827f362a689eced94a4ee30N.exe

Resource

win10v2004-20240709-en

phorphiex discovery evasion loader persistence trojan upx worm

windows10-2004-x64

11 signatures

120 seconds

Malware Config

Targets

- Target
  
  1bdbf56cc827f362a689eced94a4ee30N.exe
- Size
  
  289KB
- MD5
  
  1bdbf56cc827f362a689eced94a4ee30
- SHA1
  
  609e8b54a528f61804cd0aa13c3a2aaca17e71f7
- SHA256
  
  7cfa6bc35fde4c3d6994f56560dc7e9149d1a213351888d89d722e16d7b3e393
- SHA512
  
  06dc0f12d77f2a4e0b3da591d08c5367b236082d11447ab6a32a01a30d423372be50adb6a4bfbff72f5b051c67b178450f89cbfb6450685f066dbc081a589da7
- SSDEEP
  
  3072:KwYVpJP8Dzh115F/4aS8iV4nU2Iyg/WXnG840r9pwwdgTP94fYP:ZYVDP85pF//SvDGHXG8G
Score

10^/10

phorphiex ramnit banker discovery evasion loader persistence spyware stealer trojan upx worm
- Phorphiex payload
- Phorphiex, Phorpiex
  Phorphiex or Phorpiex Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phorphiexramnitbankerdiscoveryevasionloaderpersistencespywarestealertrojanupxworm

behavioral2

phorphiexdiscoveryevasionloaderpersistencetrojanupxworm

© 2018-2024

Terms | Privacy