3816c836b3af21fcc7f05a71ad13b17aaa110be1ecee68aa18c22bf9729bca48

Analysis

max time kernel
91s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-12-2024 01:47

Target

Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/__pycache__/discord_token_grabber.cpython-311.pyc
Size

17KB
MD5

6f3eceb15c82bec23053daf172029efa
SHA1

85c9d84e4fbd99d19ade72a41055489a3dc1c038
SHA256

b692ef85a75468a8a22b6972028b2e59ada33f69c7c91c68fa176793e31ac7ed
SHA512

e6178706eaa78fff9ec9e077b79ba5c8cc1ce78ec3dd79fe5525e5d0b266e6155993ef1f544cb5fcee8fdd3336d2de8b696059d2ea400b45736ebcc32ed81f03
SSDEEP

384:bGOlyAavwR9F0Rn8wyTPQviowoYbJNcWWIc05S:bvlytv49iRn8JQ6owoY1NDd5S

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2396	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Phxnt0m-malware-main\Phxnt0mware RAT - main\resources\__pycache__\discord_token_grabber.cpython-311.pyc"
1⤵
- Modifies registry class
PID:5080

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact