pysilon | 3816c836b3af21fcc7f05a71ad13b17aaa110be1ecee68aa18c22bf9729bca48

Sharing

Copy URL

Twitter E-mail

General

Target

Phxnt0m-malware-main.rar
Size

80.5MB
Sample

241110-zx7lqsvhqf
MD5

aa1230d889daca352561f898d83aa329
SHA1

35bc6b912cfcdef424aa2835d9421f0ba5d6d302
SHA256

3816c836b3af21fcc7f05a71ad13b17aaa110be1ecee68aa18c22bf9729bca48
SHA512

ecd08913e085f0332dd3a8b084384874d50940f6aada756ac6b72c65dffaccc65cb702f7887bca2874d97680bf611322599455e635c3795b57b081ee2fe36946
SSDEEP

1572864:OVIyO5+l3RqxPbpxqz/uyyQFUBLVLIhzLowtp/sADMhNUw2A5e9:fd5+lhqh/07LowPDWle9

Score

10^/10

Malware Config

Targets

- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/crypto_clipper.py
- Size
  
  4KB
- MD5
  
  4cc54ef515902dc1253fed286c2ad680
- SHA1
  
  000614cd1d751ccf27a19ade34bfaf91523937c2
- SHA256
  
  fd78ba2e7c4005967db1098108105fbe0fea61a6e2b1643f5ce62727c4394d24
- SHA512
  
  9f22c50bbb9597ce6d42a7f0325e7e38a71c0f33a7ca9fcdccb17ef3d9fd6b8c9a071f3a0887887e2aeeca13d7f63c03862c42d92e93046861b0d2c0c1c4142c
- SSDEEP
  
  96:a1LoVOBa5ASQtCd45yO5HvgyKo/WzmLTwM/vBSLUrPlb/WZ//tXM//0:xOBa5ASQtCd4IO5Pv+tMJTZ+h/pM0
Score

3^/10
behavioral1
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/file_downloading.py
- Size
  
  4KB
- MD5
  
  852567ae61dba1c96068219b7eee550e
- SHA1
  
  5fbc4c2f31a727240c042835a5915a2948d9091e
- SHA256
  
  1d89ebfa0b1c844dc8b0b2beda119d3e20e41f4acb041a24321d6288842b1dce
- SHA512
  
  4fa944632e9912dd826806b0f52831971dd27ae1ca39258cf83045eb62ceda3a852e6d352607e16c5113520241709bc829d9412fa0aba999738a8ee35224dfcf
- SSDEEP
  
  48:eYQn45DIAQYhvOiFjjn80sUpSN4G58mVQk6uo/ifQ4hvrYqy5Q4hvj:eD4lphJjz8M0CG58ma61h8Jh7
Score

3^/10
behavioral2
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/file_encryption.py
- Size
  
  4KB
- MD5
  
  7960f98bb360b54894b0c99df58937d8
- SHA1
  
  d5f43b1d210f3c1705603435e3eaea002b71f313
- SHA256
  
  ea8ad992b500560cb126c2c3f48c0da8634a5a997e69b76e3a21004a83f6c043
- SHA512
  
  b602699562c7de76c20b0df8226c7a5bbf62c82ec233d25bb79133e9df7f56c3cc91c1dd27c7dd4bf2075a6d646fbe8c5b51deca68558eb776ec898858015d4c
- SSDEEP
  
  96:9Vdbhfp0wt8S0lZvHim+lzvH2/hUndrhtvH2Do6vHiNES9+2sh3:9TbL07S0lZaVhoidrTIo6a20sd
Score

3^/10
behavioral3
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/file_explorer.py
- Size
  
  9KB
- MD5
  
  6489665089eeadcd8ad114894372918a
- SHA1
  
  4fb393ac43159fe146a1c0999e7469f33735c1c6
- SHA256
  
  f4ed8bc78e3ac19f896167b6a18a69c6e20229acdb4065e1b5fb7480042b8704
- SHA512
  
  ba7371c5e69d2fbe54fd76faceae6fbc1e044ca93fa19f2632083917ecf1478273f17490b4defdba9c7a436368012d83561dd2121e54cc6ba2882b04f4f706c4
- SSDEEP
  
  192:p614B6PihNpd3xTSALNBP4N0NtKBkm1pEBZuldQByQ8B4:pu4QP0Nt14jum1pEBZulCs36
Score

3^/10
behavioral4
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/file_removal.py
- Size
  
  3KB
- MD5
  
  225a4b122295b891eebfa1b587063fca
- SHA1
  
  368d0b6ea5c3e0aa8b9fafbe79ee2f99d8c85c99
- SHA256
  
  cefa3628aa86e325a5e6c5593d8de8a3e29b15443c835f66861efde6996093fe
- SHA512
  
  1f22823f6c9877eb8666224069d2eed45896c3314f9fb2d6cd36aab9dad1a49569c0047604822c4f174399666793538c630fca69f16541bfd03a3fcb78301efe
Score

3^/10
behavioral5
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/file_uploading.py
- Size
  
  6KB
- MD5
  
  c39b1345d3e78ed3742f7a25ae6915e8
- SHA1
  
  671236856b36a8cf0713a39bbffc7eaed87e9ae9
- SHA256
  
  b5f48d20fd03e01c30bba0be34f77d5097d394649718608c55eff55a3de624a5
- SHA512
  
  8aed090a15d9f42d3bf37fbdca47da52b220684c1cada4a9a78c166139a68c8c82c7233059b343482fd3b46d2defb0d9a45b697e300bf39b1d55e301acdab8af
- SSDEEP
  
  96:J7leTgjgsVTuc7ZWgy8LOF15Ql4Z0u8mzJPBuaVaabhsXg:JMctVyc4J8LOF1+4ZamdPBXUabv
Score

3^/10
behavioral6
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/fork_bomb.py
- Size
  
  827B
- MD5
  
  9ce5d1c6d2d808788fecc96f1bc1ae7e
- SHA1
  
  4cb06cd5da1fb76b6890385f525842da5e8fa3ac
- SHA256
  
  e31e071a5d81e780cca157d0c01f44be6ffa3090e84efaba8cedd3dad38003a0
- SHA512
  
  7293cd659aed9dc8e4884f20a7f5c5a9ce14a6128a56fcd35f6cee5acf0de920b229e88a07fad75daba4e0563da06432d78cd6f9d5b686c4aee52466a6f16bbc
Score

3^/10
behavioral7
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/grabber.py
- Size
  
  6KB
- MD5
  
  739285967afdab5c47778d822f4bbdec
- SHA1
  
  182fad8031b711aef97bd61b1fe9946f08b80136
- SHA256
  
  5365e09895bc90cc6a9290faacb9f50c96503c36d55a0d0d1c389ea6871a8e2b
- SHA512
  
  a3712021cda79642c26d46a8bd08ae6aaf5d49d025b272968354a6e020a0c933d9a8212602070e634d570f484b42bfa99bd6c6016d7937fd3fe9919c1b8bdd88
- SSDEEP
  
  96:QHyVVfWBEGF2d92hlMgT5whHGWBM18o66liwYkCeAh7Y76dgj5QhyxMFN:e6JG692ff+IWBwiSAu+WuAxG
Score

3^/10
behavioral8
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/jumpscare.py
- Size
  
  1KB
- MD5
  
  384725d5fb46366dda75ca62e06f6ae8
- SHA1
  
  f2b4bb70418c4f5306d34e0e83a3ad6e530d0dd9
- SHA256
  
  cfc4c572be88f64170db5208c8d2b649f211fecea556b26a8c5ad06e2591c844
- SHA512
  
  2fd1060f4cca56984edcc167fa7eeffc23ab6a14b102a53d71444df1ed1085ce91dfbf0773e6bea67fe1259f474b8f6a0c39b95e8ab884e9679cf9339a190c3b
Score

3^/10
behavioral9
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/keylogger.py
- Size
  
  2KB
- MD5
  
  607c5ab6acfb5d0296b33cb8508235ff
- SHA1
  
  278821eccd74ed40025373e5e1e76fc6fcf3c731
- SHA256
  
  22bdcfc14de5859bb365b030ce6908dc907bf937b1c23ac5bd9a990fbed8f7eb
- SHA512
  
  481bddf9ab2f81b77befd6bdb171e574a1ec0a90ee254cbc3302ae105b43b6f85f2ca850d8aff2cc95f3e4a5a7fac38c9082c7ffeb94e1a32f26c3c0621f1cd6
Score

3^/10
behavioral10
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/keystrokes.py
- Size
  
  1KB
- MD5
  
  b8027eebf8e456175339b6dc2b4ca14c
- SHA1
  
  3ed48a6a02da6aaf33a0393d7165ee57d17c0265
- SHA256
  
  b5ddb0a1d4b0f0f2d9648c205476c126163f4552c2ab4686a38586ca092d5edd
- SHA512
  
  f731ca79be4960c01daf69bfcb864796fcb36fb546b299c3c1de509f767ea3e9e01a0e389310fb43a4bd1abb2d5319946e5fb258acc0183c359a1f0bf1fbc192
Score

3^/10
behavioral11
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/live_microphone.py
- Size
  
  1KB
- MD5
  
  35e358e7c2961731d01cc43813be4fb3
- SHA1
  
  416502fefb5447b717f5e9705ac551c9efe01c34
- SHA256
  
  a68b5a0e6b1c6e46f80a5962841b70aec5223804fd7f410dbcab5bfc3f2f8458
- SHA512
  
  dff36b4dbdbf3692e5484dcad071df8082dfaaf904d1342ff67bb703f4664829cbc8ec96b6b00fe9d0b1adc468a277b46cbba9618d6ed5374084cda9ae40560b
Score

3^/10
behavioral12
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/messager.py
- Size
  
  6KB
- MD5
  
  2868ea74f9fc0774d2b6ff3f65830a03
- SHA1
  
  bdb982a5702fe829c89e9a3464ff534ee6d99c9c
- SHA256
  
  295fda6d112f4d063869fc8e3f869755281ca77506a8b202708b5d42be434d5c
- SHA512
  
  151963d11764da788aa93062128bf876c45d8dbe4000129c16b6981f9d84e3efde4ba2d5cd5f548b516a74c5b60d2e6377895a7d8d9aab544538c150c10d26e4
- SSDEEP
  
  96:DrXQ4YHp1ZlHEXHij8W9hhwDDnH5eZlHEnHqoj6d/orHMO8/JlDQ+HzWUwy/khmO:PQlNV9MfZO1dMoNWCs1
Score

3^/10
behavioral13
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/microphone_recording.py
- Size
  
  2KB
- MD5
  
  f96ff48fc180f1ff9061bfbe24e18345
- SHA1
  
  04ef61dc7835254ea290adf02ce6c53417d8fc65
- SHA256
  
  e26c391e308216b2a3edf0ccd00ca49fad1dfa23919b65283998e0b222ae658b
- SHA512
  
  310b945dbf6f5140c91d5e8ff4687ebf465ad1310bd2c83854f07d0ec55ef61572f1c81b87576328ab5400f5a4a2b609e7c26c2ef49f75ffaeb8667b9d0e0792
Score

3^/10
behavioral14
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/monitor_control.py
- Size
  
  1KB
- MD5
  
  8b6627f4da686385b1209c97975cfcab
- SHA1
  
  adc20c87f81b3d6215fa115af0fcb18ae2c7b22e
- SHA256
  
  38e772019c14562c410d34b0cd61575aea4732f0ddf049e41d199800ed3fc865
- SHA512
  
  962dcabd2da7ddf753d0549081a88ef3a26d9cac5b729180a8253bae528ec39ee73bc6a4843d14591f03f5798d1706dca7967433cd47e9a5ea310dad2fa2c654
Score

3^/10
behavioral15
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/process.py
- Size
  
  18KB
- MD5
  
  c14ce0cb99efc40c6fbc634919ab27ef
- SHA1
  
  3b7b0e55a9f5cb9f8b2a5ed9d73f67884581f239
- SHA256
  
  9b77de8a32127a812aa3086a4192162463ec150df128d3da4cff6c2484f560ac
- SHA512
  
  b0e19ed71c3cb05eed311af13b02aa3b5ccff287f9871cc1448490b54ffb32a07bfddbcd9c36689fed4e954b3c67ca2ca6939495a6578f068ffb3bc34ac80d55
- SSDEEP
  
  192:qOeP15yK+nEXP0iq5f03ep0nqpxYDYl/TC/Y8EeepxYDYl/TCVYLJ0LeHe0F7Roj:bA1YEfXnC/TCp2/TCLUeF/TCO
Score

3^/10
behavioral16
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/registry.py
- Size
  
  2KB
- MD5
  
  bc95e20bb32be6d3f08d2735c0dd2e60
- SHA1
  
  3a9ca9cd739cba37f9fae7c61c505094bd124c07
- SHA256
  
  986f39763903c012a9098055673ee9125a745f4871c700b68ff82e8c723485ff
- SHA512
  
  d7d4f804282df338d28e0c5714c1950e0bbb91188cae50dc57e9a0d94464100bb319016b57b17fbc566ed1612db04a7a1b842d17f8a60c589f73b2f806d494a5
Score

3^/10
behavioral17
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/reverse_shell.py
- Size
  
  4KB
- MD5
  
  c344127361f7656ff059a9f3a94d4902
- SHA1
  
  77b1c7498f2de0a6f071da69ed9463ae0e98c2c7
- SHA256
  
  bcfb51771358c11da952af0e8918c7fe20f3e72070f454a0103341e9b3dda95f
- SHA512
  
  c49f33f22ff91655b1cc28d2e7c81cc82bc757d365c89c7c7327b7fcee5a939060eb96b6391f0b34fb74619532a7423fb7ed41c4bfea36e0b74f78e096bf2fe0
- SSDEEP
  
  96:max2utdEYlZw569nl4B698i2dW5O8aKuB4:oeEYlZwY9l4B69Gk08arB4
Score

3^/10
behavioral18
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/screen_manipulation.py
- Size
  
  9KB
- MD5
  
  f916a1ddaac6d6506787d977cb3575f8
- SHA1
  
  83f6b3cbcdf36512d69124a4d228fea005490e59
- SHA256
  
  243c867eb7527ad0548bb003b48a1756424f4b1072ea9deb41596b47ed445e83
- SHA512
  
  d98b3e7818c2325cb588490f6ab2bcb8175ead6ee4ab2c670411d2269b4a93a62b4ad7dfe751600bab2aeea3592a267cc03c96d2cc4df31cdf661e3e1cb70863
- SSDEEP
  
  192:Nl+FyowYns0Gz1VaWHBAntY4bGeJMyI9W8AJOdZhvz2mPB:NsFlwB1V3HBitY4bGeJMyI9W8AJOXhvb
Score

3^/10
behavioral19
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/screenrec.py
- Size
  
  1KB
- MD5
  
  7640b0660a6fbab7b4dbec29348b265e
- SHA1
  
  e8b3f10c02609a31258c2a3e50d1b762fb90e09c
- SHA256
  
  f1981198750c1ce77daa6d578bc392e4bc7d6eda84d5958005e3921d269b1a03
- SHA512
  
  1e7353444db588ad22584133e91dc934dfae3531131e103a1b589f64198d353fc2ecda53b42734988b6624ada8a693a577ea75f23317a578ad3f4d54ebc6b761
Score

3^/10
behavioral20
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/screenshot.py
- Size
  
  891B
- MD5
  
  c28ae2501b0b43ab6b0d26e5b91ea1e1
- SHA1
  
  caee21e9c05fc6470f38a8f50c1d0b3e2fd51823
- SHA256
  
  efe10d73cd0de804765331aaf0bbf35316dd492c0883d1fb943bb9c81a3424aa
- SHA512
  
  218fe84f9f5ecd51e3fbe2ed687437d8fd1d55f1407ce6ebaec59dfb43ae5ccadd8b6a7128e98e895daae2a6e30155b7de632758f1e8d803e7d2322fed3dc0ad
Score

3^/10
behavioral21
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/texttospeech.py
- Size
  
  1KB
- MD5
  
  fcdbea32d7fc0e631d1e1652994fc7b5
- SHA1
  
  2d302d21dafe696a136ea3a5748b08a9cd23ee85
- SHA256
  
  646aae0d27e33ffbcff71ebb6aa9699ee2a19f91093256589c197c37c3e3ed50
- SHA512
  
  a69cdda97fe8e7f4b552355345edef95b74f64d6a1024b17021bd7c20ce15c791a81899da4dd5053c39722b093b79ce41b0db3f148d69a1ac4945b5e583f2032
Score

3^/10
behavioral22
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/webcam.py
- Size
  
  2KB
- MD5
  
  a97ae4162ca683dcb634f68fdec40919
- SHA1
  
  476bf16fc4e0469df4e1709ba4de35e7119a803e
- SHA256
  
  4270b8e31bd0d6764da74561d98790f209c1f8b707ef432498efc88a4d482f63
- SHA512
  
  506a6d3a7eff0b016bae94034993b0d51ebe80cee10119465cdbefb6e404eccc880c0a5b8ecbe2637c3341717e5c16d02da407ad8a9b7c09d1a4e4f6bcbf0200
Score

3^/10
behavioral23
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/website_blocker.py
- Size
  
  3KB
- MD5
  
  94ae9ce60c17b17a567405104f8e2af4
- SHA1
  
  fd3028e1b107efe1d327449c747617467ad82ac1
- SHA256
  
  cbd3060fe8d2db48e18ac3c938e3f22c0be6c5d6ac281c0176d556ba3eebee29
- SHA512
  
  0fbc78a64961191b9b776a9cbc5e9789be1be6c47ea32fd04205f5613968a33d37b04ce933326ffbddbfaca16de445d8f9f2509dfc8849037ab2b1ae3cbdffcc
Score

3^/10
behavioral24
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/uac_bypass.py
- Size
  
  1KB
- MD5
  
  a69179260921f69272bead57ba60fabd
- SHA1
  
  98314565f2a1cdbf21979f7da28fa67ff8c1a440
- SHA256
  
  dc254e30154243db553a067b29fc88278c92fe271abdabb51ea24d72bd73fa0a
- SHA512
  
  6ae4e57f6f6bfc50fd911bafcbc8f74d3bf2ec317ec25fa6fb72d3f214703d53bbb107bee82b88e2bd15942b8a23f6be0fa5291e4c8f447c5fd8e27da56a40ec
Score

3^/10
behavioral25
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/upx.exe
- Size
  
  550KB
- MD5
  
  b3dd61fb7352cf96a99d0511c97e0c2a
- SHA1
  
  d2f7a2b512cc19e699ec01ec5384adc1a3fd9221
- SHA256
  
  c6dd0a6cac2d2153e4666aacf43d487c1b6e2bc16cb7f956514ab02883ef2a42
- SHA512
  
  de7ecd05532e8dfe085ccc09dac6a5e2bb8581e8c0c64b883d34809711900b2c7341e99fe55f6708417ee4fafb374d7f896c70179bb359d23a78c4e806bd5a75
- SSDEEP
  
  12288:oLAkZzH8b5MxqvwAeP5XACx49pFl5ZmhR7GAWNjvGe:oLFdyMxqv1eP5QC49Z+eA+L
Score

5^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral26
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/source.py
- Size
  
  33KB
- MD5
  
  029637eceb0b968bedf23b46e1cae157
- SHA1
  
  98bf66e0df52a51779409cd50c27006798d677b3
- SHA256
  
  97b079a0d6cd2644aeaa99e3289392aa6f1497752b3c1a6da4c05924ecfd3696
- SHA512
  
  5ca4d580564b1c67ce65dc6e6c9e4a79873b10b2b077ef7d16b2b87af393784c60934a3de3f354c482573588f80b278c861753abc6c6774a498b8238365641b9
- SSDEEP
  
  768:NZnwsPgzswlEPPn3IcxNG+ylz7p6rXo4Ww9VtcllLlsyz:NZnwsPgzswlEEH76rQCI
Score

3^/10
behavioral27
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/tools/drawling_studio/DrawlingStudio.bat
- Size
  
  1KB
- MD5
  
  c23cad987de11d44272104ac5a22a573
- SHA1
  
  906042a786ca5fbe299605239c28ed83557e53af
- SHA256
  
  46c011abb3d16d70896c96f03882c302f3d3a0f31546ede5a0cc0eefbe14ecd0
- SHA512
  
  c3ac4b833ffe904e9a6eca59dd1b09b08fd5cc5c5dbe92b93a959afb1a3ca997da5f4a35c52c9146ed813feccdba71b424e4e93adc752fa8c7d414ee7b7e8db7
Score

1^/10
behavioral28
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/tools/drawling_studio/Runtime.exe
- Size
  
  80.3MB
- MD5
  
  a0e48668a88161a201b97390ce82fd45
- SHA1
  
  e34a8a05e5dd3f02d4ed7c884b7ceac4096e6764
- SHA256
  
  e457a348375f22569358dc4e5b294e096bb85e3180d856a0484a4ca55b5db836
- SHA512
  
  96b6f83980477ea6360e83569e2813642b2fc8bca5cdb5186c5640e64ad9cee4033bf27dfb5d1c7b558ecf23579b275b9460d46b1b4bcb0339f9f60fa88001ca
- SSDEEP
  
  1572864:dvxZQglZb7vaSk8IpG7V+VPhq+EE7hlgDiYgj+h58sMwoW29lSFcJz7:dvxZx/eSkB05aw+veN58j9l17
Score

9^/10

evasion execution persistence upx
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral29
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/tools/drawling_studio/main.py
- Size
  
  7KB
- MD5
  
  892995a5c6a55160d1dbdc02c57b67be
- SHA1
  
  3096d356072471c069d0095fff31f5d3d904a0fc
- SHA256
  
  da48f620dd9002624bc48f7f92cd55ab54215eec55cdfb91669d9fa85c83de9c
- SHA512
  
  3fc47fcb91dde5785eeeeb735ce6c5ac5cde0660831a2519f815118e3ac0a5a025be8d67d9408b361f22059e90605fce791e4a7b0b4a8b6875c0b60ef363f077
- SSDEEP
  
  192:jDK3Fg+FV33eY9NtWDD04e5M5i3RxbL+la2G+fkmy/:4fyD04oM5i3XIj8m2
Score

3^/10
behavioral30
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/tools/drawling_studio/studio.py
- Size
  
  10KB
- MD5
  
  a24896fbb917fd04864740c1cdabdcd5
- SHA1
  
  667029049d6fe3ea3850c0ec52fb99ab107b2809
- SHA256
  
  726f57a8c71ddcdb2217c88ac2c198624a3784b4ad94a68edb8c6c357d959d73
- SHA512
  
  3432639374ee3422a9ed026485c5de49ab61ef42d0b3a2730e383f623de0792e5e7631780c39e4ca9a32ceb11bc60ecb87834eda5f0a8eed1e7eb9e2fb5dfbe7
- SSDEEP
  
  192:1TZyX4iWGyKiCkfHQHZFHJS5CWf0nqeBZQXoNv7CiJX9CWv:1lE4iWGyKiCkfHQPJSHf0nq6ZQXozCil
Score

3^/10
behavioral31
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/tools/splitter.py
- Size
  
  817B
- MD5
  
  b7b45124f8a8cc65c69128e54b4fd920
- SHA1
  
  2940c55cb9df6772d8bd39c145afd241d9d5d08a
- SHA256
  
  0701d212d96005fb83bd3500b3ece8fb208eaa5fcb8e7117b9e2717ab65c7728
- SHA512
  
  cc78dc0c9732519338da78fd62822fb1234760defcbf58576776bcb5be314f7c89a6f0adc48bf75b81c4aebeac78e65211bd9bb29b2d11d62fa76674f4189ee2
Score

3^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

File and Directory Discovery

T1083

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

UPX packed file

Enumerates VirtualBox DLL files

Command and Scripting Interpreter: PowerShell

Sets file to hidden

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32