Analysis
-
max time kernel
140s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
31-08-2024 11:02
Behavioral task
behavioral1
Sample
43b21e60d088a3eba1b23f5aac9deb39d86f27a819a2e179a7edbdfd407264af.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
43b21e60d088a3eba1b23f5aac9deb39d86f27a819a2e179a7edbdfd407264af.exe
Resource
win10v2004-20240802-en
General
-
Target
43b21e60d088a3eba1b23f5aac9deb39d86f27a819a2e179a7edbdfd407264af.exe
-
Size
546KB
-
MD5
c9c937d7791010e40713bf9c7812a532
-
SHA1
2d09ec0b24b7eb281d5e37ad3cf3fd9fe9336615
-
SHA256
43b21e60d088a3eba1b23f5aac9deb39d86f27a819a2e179a7edbdfd407264af
-
SHA512
2afc3e89b8bdbd2dd280802bb73d11fb5a4d41b6100ae6c1bc61aa099f3387c91068b9478c4888800e4fde6e70cc43bebd258b33e4b09809b3f1c103a0fc132f
-
SSDEEP
12288:aWWzIRlRn2/rw7INjVGCXZq0iiIxTp5TQdIJWjI0g0A8Hcqr4d:aWUWrnIrw7I1VGCXZbiiEQdAWngR8k
Malware Config
Signatures
-
PhoenixStealer
PhoenixStealer is an information stealer written in the C++, it sends the stolen information to cybercriminals.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
43b21e60d088a3eba1b23f5aac9deb39d86f27a819a2e179a7edbdfd407264af.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 43b21e60d088a3eba1b23f5aac9deb39d86f27a819a2e179a7edbdfd407264af.exe