Overview

Overall score: 7/10
Static analysis score: 3/10

Behavioral task scores (all run on windows10-ltsc 2021-x64; file names are shown truncated as in the report's tab bar):
- PhobiaSlend.exe: 7/10
- $PLUGINSDI...ls.dll: 3/10
- $PLUGINSDI...em.dll: 3/10
- $PLUGINSDIR/app-64.7z: 1/10
- LICENSES.c...m.html: 4/10
- PhobiaSlend.exe (extracted copy): 7/10
- chrome_100...nt.pak: 3/10
- chrome_200...nt.pak: 3/10
- d3dcompiler_47.dll: 1/10
- dxcompiler.dll: 1/10
- dxil.dll: 1/10
- ffmpeg.dll: 1/10
- libEGL.dll: 1/10
- libGLESv2.dll: 1/10
- resources.pak: 3/10
- resources/app.asar: 3/10
- resources/elevate.exe: 3/10
- snapshot_blob.bin: 3/10
- v8_context...ot.bin: 3/10
- vk_swiftshader.dll: 1/10
- vk_swiftsh...d.json: 3/10
- vulkan-1.dll: 1/10
- $PLUGINSDI...7z.dll: 3/10

General

Target: PhobiaSlend.exe
Size: 82.5MB
Sample: 241103-phstxstelf
MD5: ed862789226f7db6a6811813a708c404
SHA1: 72d8b6f88b42e58d1736064a753bf75a9e847dd4
SHA256: cf65e87b595a810c62949408aed75be11d786cdd00f8605edce3df569c0ec59e
SHA512: efb7b67ce7c60a3a3d9f3134228121379c08abfaa7c95080900ba0707df2b13b16c254ad56ae111f202fd6095b01d4c20ef8a048cfd488f78d457b2c53dd1c6d
SSDEEP: 1572864:oejOt7ysRZArrkOxhPfAl87HpoWjzKkaCz4CE2qMbb4KLaIMW5vXeWG6e3oD7:oN/RZlelR7Jf+Cz4CNrXLaIMW5vXeWGC
Static task: static1

Behavioral tasks (all using resource win10ltsc2021-20241023-en):
- behavioral1: PhobiaSlend.exe
- behavioral2: $PLUGINSDIR/StdUtils.dll
- behavioral3: $PLUGINSDIR/System.dll
- behavioral4: $PLUGINSDIR/app-64.7z
- behavioral5: LICENSES.chromium.html
- behavioral6: PhobiaSlend.exe
- behavioral7: chrome_100_percent.pak
- behavioral8: chrome_200_percent.pak
- behavioral9: d3dcompiler_47.dll
- behavioral10: dxcompiler.dll
- behavioral11: dxil.dll
- behavioral12: ffmpeg.dll
- behavioral13: libEGL.dll
- behavioral14: libGLESv2.dll
- behavioral15: resources.pak
- behavioral16: resources/app.asar
- behavioral17: resources/elevate.exe
- behavioral18: snapshot_blob.bin
- behavioral19: v8_context_snapshot.bin
- behavioral20: vk_swiftshader.dll
- behavioral21: vk_swiftshader_icd.json
- behavioral22: vulkan-1.dll
- behavioral23: $PLUGINSDIR/nsis7z.dll
Malware Config
Targets

Target: PhobiaSlend.exe
Size: 82.5MB
MD5: ed862789226f7db6a6811813a708c404
SHA1: 72d8b6f88b42e58d1736064a753bf75a9e847dd4
SHA256: cf65e87b595a810c62949408aed75be11d786cdd00f8605edce3df569c0ec59e
SHA512: efb7b67ce7c60a3a3d9f3134228121379c08abfaa7c95080900ba0707df2b13b16c254ad56ae111f202fd6095b01d4c20ef8a048cfd488f78d457b2c53dd1c6d
SSDEEP: 1572864:oejOt7ysRZArrkOxhPfAl87HpoWjzKkaCz4CE2qMbb4KLaIMW5vXeWG6e3oD7:oN/RZlelR7Jf+Cz4CNrXLaIMW5vXeWGC
Signatures:
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Clipboard Data: Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist

Target: $PLUGINSDIR/StdUtils.dll
Size: 100KB
MD5: c6a6e03f77c313b267498515488c5740
SHA1: 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256: b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512: 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
SSDEEP: 3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 12KB
MD5: 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1: 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256: 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512: c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
SSDEEP: 192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score: 3/10

Target: $PLUGINSDIR/app-64.7z
Size: 82.1MB
MD5: d50d02ae90a6b1fbc45917bcaf6ed953
SHA1: f288e68f2116a6d13690cb73e434f5d0b2c18812
SHA256: bca8413bcef31ba372e4182376c54b5303cfc4c389a0a11e66d0921bc2f0fdb9
SHA512: a22d4cdddf2a456f14f86a7fd633d254e131d6170280fec155620dd76741cd626f6f81bd1ccf89771283548acc0b8b4a696d624eaf8c2bfe59615848db6093de
SSDEEP: 1572864:aejOt7ysRZArrkOxhPfAl87HpoWjzKkaCz4CE2qMbb4KLaIMW5vXeWG6e3od:aN/RZlelR7Jf+Cz4CNrXLaIMW5vXeWGc
Score: 1/10

Target: LICENSES.chromium.html
Size: 8.7MB
MD5: 1ca87d8ee3ce9e9682547c4d9c9cb581
SHA1: d25b5b82c0b225719cc4ee318f776169b7f9af7a
SHA256: 000ae5775ffa701d57afe7ac3831b76799e8250a2d0c328d1785cba935aab38d
SHA512: ec07b958b4122f0776a6bded741df43f87ba0503b6a3b9cc9cbe6188756dcde740122314e0578175123aaa61381809b382e7e676815c20c3e671a098f0f39810
SSDEEP: 24576:ZQQa6Ne6P5d2WSmwRFXe1vmfpV6k626D6b62vSuSpZ:ZMfTVQ
Score: 4/10

Target: PhobiaSlend.exe
Size: 168.5MB
MD5: 082afad563dde32ea467c377656291e0
SHA1: 8fae66fbb010c5f6b0f68c04f0c07020f165ce4c
SHA256: 581637ea6bb58e7178ec93ed88c49c75b4ecff026583e98fe5bb88a80f43dc90
SHA512: 4e5fd2aa3619d6fdd412dbdf61749c6f663a4707fccc727fbfa79059980b5afc97807f4046cb824b1bc67a4019385a204ab22607d528183fe44cedf4fcd41c83
SSDEEP: 1572864:E/QdT4uZTZzdAWGC0MgTA7XbswYArMn1H8KZr5XufKYQC63o9wjgt8HvNSDoIKBW:BCT8Qwz+5IXFxj5opW
Signatures:
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Clipboard Data: Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist

Target: chrome_100_percent.pak
Size: 163KB
MD5: 4fc6564b727baa5fecf6bf3f6116cc64
SHA1: 6ced7b16dc1abe862820dfe25f4fe7ead1d3f518
SHA256: b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb
SHA512: fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2
SSDEEP: 3072:IOzwJCGIekwdLpsXYFAXg6IL2o418Gb0+VRLf0ld0GY3cQ3ERVm2I:IOzw1Iekam5QpK18Gb0OV8ld0GecQ3Ey
Score: 3/10

Target: chrome_200_percent.pak
Size: 222KB
MD5: 47668ac5038e68a565e0a9243df3c9e5
SHA1: 38408f73501162d96757a72c63e41e78541c8e8e
SHA256: fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32
SHA512: 5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89
SSDEEP: 6144:QsDQYaSN6svydHLhQegx5GMRejnbdZnVE6YoppO4:QBfSN6svydrx6edhVELoXO4
Score: 3/10

Target: d3dcompiler_47.dll
Size: 4.7MB
MD5: 2191e768cc2e19009dad20dc999135a3
SHA1: f49a46ba0e954e657aaed1c9019a53d194272b6a
SHA256: 7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d
SHA512: 5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970
SSDEEP: 49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
Score: 1/10

Target: dxcompiler.dll
Size: 20.8MB
MD5: a50d2db103fd2c4c8682958932fc2f67
SHA1: d07eda94b238463e194a8adec1b47eb5629a3ba1
SHA256: 51952faea76a3c913a021899d891b6cc1c6f924a980da6b664e4b662de9d353d
SHA512: aea572e1319223f26e8866679511236baefda83369fb84f4bc21706a79a8212013ac64d88c462630112badaebb96c01fd7deadc8e24f7d3e0964d61ab9b1a3f2
SSDEEP: 393216:cf3bamh3Jcv7eJs8V+myzJ8TBDP2nJkwyuOQwtG:cRnQedP2n2wfOQ3
Score: 1/10

Target: dxil.dll
Size: 1.4MB
MD5: cb72bef6ce55aa7c9e3a09bd105dca33
SHA1: d48336e1c8215ccf71a758f2ff7e5913342ea229
SHA256: 47ffdbd85438891b7963408ea26151ba26ae1b303bbdab3a55f0f11056085893
SHA512: c89eebcf43196f8660eee19ca41cc60c2a00d93f4b3bf118fe7a0deccb3f831cac0db04b2f0c5590fa8d388eb1877a3706ba0d58c7a4e38507c6e64cfd6a50a0
SSDEEP: 24576:LCfhbh3v3mtZDiAQeWj26k41ob2nrZ1rqpegQDJqoZtp22GkmgA9u808jQPEdkr1:LCfhbh3v3mtEAQrW41obCraeRhy9ou6r
Score: 1/10

Target: ffmpeg.dll
Size: 2.7MB
MD5: 0b868eec3d789e9e04d7d9363f06d4e6
SHA1: 9f81ead206ab7a54328c8605ebbdc23c83a829bc
SHA256: e85618dfe2a1b2c20174f8e628e9d542065ba73ef257ad6a2bceaabacb9e3dc8
SHA512: 8f369e68ce426fd3d54891d81ec5f228521ec065402eeeeb6cf9140007f229054fc8695a64fa8015ec91326ca324a60839d2f193f581484a56c49b4655951161
SSDEEP: 49152:zWjNiPDWFc04YLAfTJB05fOr5wRCpe7n6mflFR35wpE129AdL:od49T30owRCp4GH9u
Score: 1/10

Target: libEGL.dll
Size: 467KB
MD5: f6ed3ccd44422ce187ce0e4ee31d122c
SHA1: 89a78cce571e3717ae24da10103b6f71d519eab6
SHA256: 337b7e187c7ea739032380d3a9d1f50e29761562ca9475836b36a42e3dbc9fa5
SHA512: 36c81afec0586dee43f3c036a58505930e4cba75fb681caf11ea004b7d8e538c3eed5826231d30bda7da02bddb12b535d83a5c16cabf669c190cc9663d3469be
SSDEEP: 6144:9bEUgZr3Xz4gqch5rd7fa5TyfAv5qLD21VHURpQ4kw:ZEzr3D4gFh5rd7fWvY4x9
Score: 1/10

Target: libGLESv2.dll
Size: 7.4MB
MD5: c7fbdebe0a4287bd6b59721121705e1e
SHA1: 5f51d88b046de12e0128641768f99d05438f8e4e
SHA256: 2ffccd773bac3e3c5cc9e3a43f89deba8456f2bcaba85496af7013445b413f2d
SHA512: 93f51e84597c28c492c8cf2a3cf2108ca6a52c9b5fdd79d1c95bf7de6a301a21aa47342c4273044cf6709d632f0ec7fec2aac774c4128a920642bcdfb5129792
SSDEEP: 98304:Sr5RVJYXaTa6un3sIy+4qDBlyze6wF4NTP8lUV2UXm3fvq:Sr335u35tlyC6JTPNCfv
Score: 1/10

Target: resources.pak
Size: 5.1MB
MD5: b858b431b144c6ffa77126be16ee84c2
SHA1: dc577b6019bcd6c175fc05498c02e733d4941b84
SHA256: 6aaf8bf545eb7cf4e54268d1abb1f4c001e823f4f561b33d5f5353d6a815ae75
SHA512: 15497a26c13964577378a182bc4eb331e72a1bd7d8253c8c6cc14e4e1e97760352537cf6f9893caa8f5e80c0455780cd6c3b509e5e311839b0b0e9966d44a41e
SSDEEP: 98304:dc1j22juJgWPVcz+cd31kJ7JqzboHgf3nvJjjrwrWBpcdmTHWCF3UlfPcauPFcH/:OpLCJPdB831gJ8oHwhjjkrWBQmTHWo0l
Score: 3/10

Target: resources/app.asar
Size: 62.4MB
MD5: cc041f8b369a8997eed7835f7199a257
SHA1: b857625cc9c2369264c1542b654167587ca97ed5
SHA256: 031cc8e6dd842ad96ad5f0f842bc6ae8eb8a61a3ce3f89df6994dd00b18e10af
SHA512: 9a3273ff5d54a51209e293ca3951600e0d2a5b7585ffeb625828691c2f6f0752b016b367ec21d69b2648b6c7778b93a36b66ad6207e01b06b8344107292606df
SSDEEP: 393216:lExRAtptbitALtJKeMeneAELgImMW1S3L:lExRwtbitALtJKeMeneAELgIm1IL
Score: 3/10

Target: resources/elevate.exe
Size: 105KB
MD5: 792b92c8ad13c46f27c7ced0810694df
SHA1: d8d449b92de20a57df722df46435ba4553ecc802
SHA256: 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512: 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
SSDEEP: 3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score: 3/10

Target: snapshot_blob.bin
Size: 270KB
MD5: 1ceb547bbb14f663b82d03a9a66e7b07
SHA1: d84594495a6295d2a1aef2d4a6601e4d1d47cc94
SHA256: 203764e3440af3e7842ea9bd42570d3150ebf4bb4a275be5e41721e8d55c436b
SHA512: a5cd7a1912a36dd416d1f10f549d367cb3a2d272d1692851b9ebb315bed1b6567e2ea73edf7bbdb8f05790471052314f3917efc56236292c6b69ca4eac5b6431
SSDEEP: 3072:OPXttcgbBDoChde06wbRMYKHUeynXtxZ4fQe1:CXPh9oCWCNMXo6
Score: 3/10

Target: v8_context_snapshot.bin
Size: 627KB
MD5: 455bbb5f7452bec5d159b106fd2d527f
SHA1: 914b9b7317d24c54e97643d31dead958bfd48b21
SHA256: ced4233679168543704dd146cb674ec4779c40e6bdbf687fff15c93bc58f8cca
SHA512: 6267d2623367d497d1dcea660c5e5ebaba5abaeabd75ab42e2a07d40b752c25f9b89d997c5d13f260b48e677212f860f5c387f10600163c094610e1501d716d4
SSDEEP: 6144:nlAKlrnVVc/eK7cPg9oCWCNM+MFjfjfGJCWXecRvUsoA4EytPcAzCYY:nZ0t7cP+Yz7Vcrz
Score: 3/10

Target: vk_swiftshader.dll
Size: 5.0MB
MD5: 25d58f71a5aa347e5afae32a887fdc31
SHA1: 990334cfbd88fa2957f545e0ba595594c4f6a2fc
SHA256: 9068181e7a22521e9d908aeaed2d3a0171437fe4581de65982e2a47bc0dc1408
SHA512: 322474ad405fc552700eb3a8eaf04bec43e6a45941e9db13f237729c9bdc7f1b7c1cb7c090a66ebd72f8c31f6f5d05dc04d2f99a6ef9488aa734761a8a59f8aa
SSDEEP: 49152:X3GH9WAPbaXjQ0S4g3DcRiyibDAiK9vNRZt3H3UyLdiHoFy12gv7DpuemXIEkVEJ:XWH9J1ED3PW7v+Im3Ka326n
Score: 1/10

Target: vk_swiftshader_icd.json
Size: 106B
MD5: 8642dd3a87e2de6e991fae08458e302b
SHA1: 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256: 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512: f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f
Score: 3/10

Target: vulkan-1.dll
Size: 925KB
MD5: 4a488bc7ba8f634bb413f31c28cf5941
SHA1: 69f6070b43a8c107ede019bf48671372e751c85d
SHA256: 6008f82da0997edb4f0ed2fa5818e3c993aac82d58b12174d5b204ca00e3fba3
SHA512: 2861e9270d312c4a0299661c1ee2572a101eb6a4c98dffa353d7d80ac3ffe439306e4b48e7914603171a832f27ec1c12154d2f3eb0f9ff30bb1eeef705eceeaa
SSDEEP: 24576:dDQICvMWnjSFmUSQN7G/od56Z5WdDYsH26g3P0zAk7oD:dDNwSpdN7N56Z5WdDYsH26g3P0zAk7o
Score: 1/10

Target: $PLUGINSDIR/nsis7z.dll
Size: 424KB
MD5: 80e44ce4895304c6a3a831310fbf8cd0
SHA1: 36bd49ae21c460be5753a904b4501f1abca53508
SHA256: b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512: c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
SSDEEP: 6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score: 3/10
MITRE ATT&CK Enterprise v15 (number of matching signatures per technique)

Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (1)
- Credentials In Files (1)

Discovery
- Browser Information Discovery (1)
- Process Discovery (1)
- Query Registry (3)
- System Information Discovery (5)
- System Location Discovery (1)
- System Language Discovery (1)
- System Network Configuration Discovery (2)
- Internet Connection Discovery (1)
- Wi-Fi Discovery (1)