General
Target: 6fc8b5b8a90cf8ba7e0eb930fcdde776f8eeb3f37913318df7766a365e13fa8eN
Size: 10KB
Sample: 241101-l6c7laxrcv
MD5: ed9fbbbe548c41479cb70e4d694793d0
SHA1: a0bde162d2241ab2acb58544511a41df30a096a7
SHA256: 6fc8b5b8a90cf8ba7e0eb930fcdde776f8eeb3f37913318df7766a365e13fa8e
SHA512: 49652367fec13a1e7a188fd039bf8a9fae6be72fdc31e7597bbcfdf30375277f6a7e09b74bd5a2adf1696cf720998c751b7e1671afa3a59c4dfa7069bca543fb
SSDEEP: 192:Jd94uPG8E1CDSnzmgp+eMwY46BJxT43thW:394u5SCDSnJo+c83
Static task: static1
Behavioral task: behavioral1
Sample: 6fc8b5b8a90cf8ba7e0eb930fcdde776f8eeb3f37913318df7766a365e13fa8eN.exe
Resource: win7-20241010-en
Malware Config
Extracted: phorphiex
  http://185.215.113.84
  http://185.215.113.66
  185.215.113.66
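The extracted network indicators above, turned into a watch list and matched against proxy traffic. This is an added example and not part of the sandbox report: the Squid native access-log format, the log lines themselves and the client addresses are constructed for the example; the only indicators used are the two URLs and the IP from the config. The point it makes is that 185.215.113.66 appears twice in the config (as a URL and as a bare IP) and must collapse to one host, and that matching has to be on the parsed host rather than a substring search, otherwise a host such as 185.215.113.660.example.net would be a false hit.

```python
from urllib.parse import urlsplit

# Network indicators exactly as extracted in the report above.
PHORPHIEX_CONFIG = [
    "http://185.215.113.84",
    "http://185.215.113.66",
    "185.215.113.66",
]

# Constructed Squid native access-log lines (not real traffic). Fields:
# timestamp elapsed client code/status bytes method url user peer/ip type
SAMPLE_PROXY_LOG = """\
1730467200.123   45 10.0.0.12 TCP_MISS/200 2310 GET http://185.215.113.84/ - HIER_DIRECT/185.215.113.84 application/octet-stream
1730467201.456   12 10.0.0.12 TCP_MISS/200 512 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1730467202.789  300 10.0.0.31 TCP_TUNNEL/200 10240 CONNECT 185.215.113.66:443 - HIER_DIRECT/185.215.113.66 -
1730467203.000   10 10.0.0.31 TCP_MISS/404 320 GET http://185.215.113.660.example.net/ - HIER_DIRECT/203.0.113.5 text/html
"""


def config_to_hosts(entries):
    """Normalise a mix of URLs and bare host / host:port entries to a set of hosts.

    The report lists 185.215.113.66 both as a URL and as a bare IP; both
    collapse to the same host so the watch list carries no duplicates.
    """
    hosts = set()
    for entry in entries:
        entry = entry.strip()
        host = urlsplit(entry).hostname if "://" in entry else entry.rsplit(":", 1)[0]
        if host:
            hosts.add(host.lower())
    return hosts


def request_host(url_field):
    """Host part of a Squid url field: a full URL for GET, host:port for CONNECT."""
    if "://" in url_field:
        return (urlsplit(url_field).hostname or "").lower()
    return url_field.rsplit(":", 1)[0].lower()


def match_proxy_log(log_text, hosts):
    """Return (client, matched_host, url) for lines whose request host or
    upstream peer address is on the watch list.  The comparison is on the
    parsed host, not a substring search, so 185.215.113.660.example.net is
    not a hit even though it contains an indicator as a prefix."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 9:
            continue  # malformed or truncated line; skip rather than guess
        client, url, peer = parts[2], parts[6], parts[8]
        host = request_host(url)
        peer_ip = peer.split("/", 1)[-1].lower()  # HIER_DIRECT/1.2.3.4 -> 1.2.3.4
        if host in hosts:
            hits.append((client, host, url))
        elif peer_ip in hosts:
            # URL named a domain, but the proxy connected to a watch-listed IP.
            hits.append((client, peer_ip, url))
    return hits


if __name__ == "__main__":
    watch = config_to_hosts(PHORPHIEX_CONFIG)
    for client, host, url in match_proxy_log(SAMPLE_PROXY_LOG, watch):
        print(f"{client} -> {host}  ({url})")
```

The peer-address check catches the case where the URL names a domain that resolved to one of the listed IPs; the request-host check catches CONNECT tunnels, which Squid logs as host:port rather than a URL. IPv6 peers in bracket form would need a different split than the colon-based one used here.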
Targets
Target: 6fc8b5b8a90cf8ba7e0eb930fcdde776f8eeb3f37913318df7766a365e13fa8eN (10KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Modifies security service
- Phorphiex family
- Phorphiex payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Xmrig family
- XMRig Miner payload
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Downloads MZ/PE file
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext
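Detection logic for two of the behaviours in the signature list above, the Defender exclusions added through PowerShell and the Run key persistence. This is an added example, not code from the sandbox or the report: it scans constructed records modelled on PowerShell script block logging (Event ID 4104) and Sysmon Event ID 13 (registry value set). The record field names, the sample script text and the registry paths are assumptions made for the example and are not the events the sandbox recorded.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str       # short rule name
    evidence: str   # the script text or registry write that fired it


# Cmdlets that change Defender configuration.
DEFENDER_CMDLET = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
# The three exclusion kinds named in the report's signature text.
EXCLUSION_PARAM = re.compile(r"-Exclusion(?:Path|Extension|Process)\b", re.IGNORECASE)
# Protection features switched off, e.g. -DisableRealtimeMonitoring $true.
DISABLE_PARAM = re.compile(r"-Disable[A-Za-z]+\s+\$?true\b", re.IGNORECASE)
# Run / RunOnce keys under any hive (HKU\<SID>\Software\..., HKLM\SOFTWARE\...).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)

# Constructed sample records (not taken from the sandbox report), modelled on
# PowerShell script block logging (Event ID 4104) and Sysmon Event ID 13
# (registry value set).  Field names are an assumption for this example.
SAMPLE_EVENTS = [
    {"source": "PowerShell", "event_id": 4104,
     "script": "Add-MpPreference -ExclusionPath 'C:\\Windows\\System32' "
               "-ExclusionExtension exe -ExclusionProcess sysdrv.exe"},
    {"source": "PowerShell", "event_id": 4104,
     "script": "Get-ChildItem C:\\Users | Measure-Object"},
    {"source": "PowerShell", "event_id": 4104,
     "script": "Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"source": "Sysmon", "event_id": 13,
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\sysdrv",
     "details": r"C:\Windows\System32\sysdrv.exe"},
    {"source": "Sysmon", "event_id": 13,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "DWORD (0x00000001)"},
]


def check_powershell(event):
    """Flag script blocks that add Defender exclusions or disable protection."""
    if event.get("source") != "PowerShell" or event.get("event_id") != 4104:
        return []
    script = event.get("script", "")
    if not DEFENDER_CMDLET.search(script):
        return []  # other PowerShell activity is out of scope for this rule
    findings = []
    if EXCLUSION_PARAM.search(script):
        findings.append(Finding("defender_exclusion_added", script))
    if DISABLE_PARAM.search(script):
        findings.append(Finding("defender_feature_disabled", script))
    return findings


def check_registry(event):
    """Flag Sysmon registry value writes under Run / RunOnce."""
    if event.get("source") != "Sysmon" or event.get("event_id") != 13:
        return []
    target = event.get("target", "")
    if RUN_KEY.search(target):
        return [Finding("run_key_persistence", f"{target} = {event.get('details', '')}")]
    return []


def scan(events):
    """Run every check over every event and return findings in log order."""
    findings = []
    for event in events:
        findings.extend(check_powershell(event))
        findings.extend(check_registry(event))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.rule}: {f.evidence}")
```

Two caveats for anyone turning this into a production rule. Event ID 4104 only exists when script block logging is enabled, and exclusions can also be written directly as registry values under HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions, which this rule would only see through a Sysmon Event ID 13 on that path. The "checks computer location settings" behaviour is a registry read, and Sysmon records registry creates, sets, renames and deletes but not reads, so that signature is something the sandbox's API trace shows and host telemetry of this kind will not; the page does not name the value, but the Windows location setting the description refers to lives under HKCU\Control Panel\International\Geo.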
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
  System Services (1)
    Service Execution (1)
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (2)
    Windows Service (2)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (2)
    Windows Service (2)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)