phorphiex | 0847eccd21c4fb301d08aff4ce1f0680[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

0847eccd21c4fb301d08aff4ce1f0680.bin
Size

103KB
MD5

0847eccd21c4fb301d08aff4ce1f0680
SHA1

33d30d4c71a35ec681a3cc3865e656531f1eb898
SHA256

9a8c3fa3687c2210410fb8b3a3eb17d2280c3903abb5dc8d27612f67f04b0fb2
SHA512

4f35cb5d8ef86110d8c2318cf0f0f5fa22b85e76d6928d4820aca28a92a52a5cdcd66442b0cf9861413a7592c54fc782dcbbe0ab00a8a6d9f9a534f31cf99cf9
SSDEEP

768:c3MuYuJJXY8i5/6YiBwwSuY9tF9U1QFvTUE7LhKq4i0TBMMqzRCh6R1yw2C/94UR:c3Mz8UwvJA79UWv4FCIV0exfFj

Score

10^/10

phorphiex

Malware Config

Extracted

Family

phorphiex

http://185.215.113.84/

Wallets

12gcwY6q4pv4DBbEjeQXwbhDBesLDc755VE2kyzzXRtvBvzd

18xjALsLW57DQcXSgvGE8H9iXkXYvPjSWc

3PLk48rqFRT7ZB2GZVHMJE5aiHr5jjBfZcw

39t2ndtRZKxHPHaprbe6kPaws4vs1nWA94

qz9vrpv9h2j5e6fsqwwsh8e9aaumwvql956ynh9rs9

XmgkLqGXu8HGU7tTbbwWvaJYrgvybx3eZE

DSVC6eMqTCpkaMkCVp6Yn2U7FYkU76VhKB

0xd4F8DfD1cDBa76e9ac6b3b31Ef3C6C6c3D1ea1d0

LXz2Jhi73bna54msz2zpsEpRVAh8KbeYRL

rPTusqR9SMoh7QuYfJ3EJF7Ewogp6HVJEt

TCW3T7UyyN3MWqakTPViWVRAL1kGsYyTL6

t1gE3Hz4ivvEAQMWagv5XuUMkUPcnNkuNGB

AUpwoQdnjVynLKhDkNt1TJh6sgduJnxyJy

bitcoincash:qz9vrpv9h2j5e6fsqwwsh8e9aaumwvql956ynh9rs9

46wi3NQz8eWV9HnGGKtpqKFcyGqWvLXsRP9C4oh3FgJ8M11QzmSrWWu6hW2kdredmQDYFjkJNg8t4Lye6vPuRcCsK71DPYr

GAWB6FUMRQBOF4JSVWAH6GO26C24UL5P44G3LDWK46WMFAS2TAZD7EBC

bnb1yzw7m55vrhqmmw2e0xpven8q49u8m63prv3hhz

bc1q4eym03072yk0zahdm9jym28vk0dxwyvs57sr6g

Attributes

mutex
hh3gg3h
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36

Signatures

Phorphiex family
phorphiex
Phorphiex payload 1 IoCs

Processes:

resource yara_rule

sample family_phorphiex

resource	yara_rule
sample	family_phorphiex

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
0847eccd21c4fb301d08aff4ce1f0680.bin

Files

0847eccd21c4fb301d08aff4ce1f0680.bin
.exe windows:5 windows x86 arch:x86

2184d9d3a232034fe754f63f14b273e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recvfrom
setsockopt
sendto
bind
WSAStartup
send
recv
ioctlsocket
WSACloseEvent
WSARecv
WSASend
WSAGetLastError
gethostname
connect
inet_ntoa
inet_addr
htons
getsockname
shutdown
socket
closesocket
gethostbyname
WSAEnumNetworkEvents
WSAEventSelect
listen
WSAWaitForMultipleEvents
getpeername
accept
WSAGetOverlappedResult
WSACreateEvent
WSASocketA

shlwapi

PathFileExistsW
StrCmpNW
PathMatchSpecW
PathFindFileNameW
StrChrA
StrStrIA
StrCmpNIA
StrStrW

urlmon

URLDownloadToFileW

wininet

HttpOpenRequestA
InternetOpenUrlW
InternetOpenUrlA
HttpQueryInfoA
InternetOpenW
InternetCloseHandle
InternetOpenA
HttpSendRequestA
InternetConnectA
InternetCrackUrlA
InternetReadFile
HttpAddRequestHeadersA

ntdll

memcpy
_chkstk
_aulldiv
RtlUnwind
mbstowcs
RtlTimeToSecondsSince1980
NtQuerySystemTime
NtQueryVirtualMemory
memmove
isdigit
isalpha
_allshl
_aullshr
memset

msvcrt

rand
srand
_vscprintf

kernel32

CreateEventA
CreateProcessW
GetLocaleInfoA
DuplicateHandle
DeleteCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentThread
GetCurrentProcess
InterlockedExchangeAdd
InterlockedIncrement
InterlockedExchange
WaitForSingleObject
InterlockedDecrement
GetCurrentProcessId
HeapSetInformation
GetSystemInfo
PostQueuedCompletionStatus
GetProcessHeaps
HeapValidate
HeapCreate
HeapFree
HeapAlloc
HeapReAlloc
ExpandEnvironmentStringsW
CreateThread
CreateMutexA
GetLastError
ExitProcess
GetVolumeInformationW
SetFileAttributesW
GetQueuedCompletionStatus
CreateIoCompletionPort
SetEvent
lstrcpyW
DeleteFileW
GetDiskFreeSpaceExW
FindNextFileW
lstrcmpiW
QueryDosDeviceW
RemoveDirectoryW
FindClose
lstrcmpW
lstrlenA
GlobalLock
GetModuleHandleW
GetTickCount
GlobalAlloc
Sleep
lstrcpynW
ExitThread
MultiByteToWideChar
lstrlenW
GlobalUnlock
GetFileSize
MapViewOfFile
UnmapViewOfFile
WriteFile
InitializeCriticalSection
LeaveCriticalSection
CreateFileW
FlushFileBuffers
EnterCriticalSection
CreateFileMappingW
CloseHandle
FindFirstFileW
GetDriveTypeW
MoveFileExW
CreateDirectoryW
GetLogicalDrives
CopyFileW
GetModuleFileNameW

user32

TranslateMessage
RegisterClassExW
wsprintfW
GetClipboardData
EmptyClipboard
ChangeClipboardChain
SetWindowLongW
DefWindowProcA
RegisterRawInputDevices
SendMessageA
IsClipboardFormatAvailable
CloseClipboard
GetMessageA
wsprintfA
wvsprintfA
GetWindowLongW
CreateWindowExW
DispatchMessageA
OpenClipboard
SetClipboardData
SetClipboardViewer

advapi32

RegSetValueExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW

ole32

CoInitializeEx
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cpbjwsp
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

2184d9d3a232034fe754f63f14b273e9

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

shlwapi

urlmon

wininet

ntdll

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 35KB - Virtual size: 36KB

cpbjwsp Size: - Virtual size: 4KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 35KB - Virtual size: 36KB

cpbjwsp
Size: - Virtual size: 4KB