General

  • Target

    Phxnt0m-malware-main.rar

  • Size

    80.5MB

  • MD5

    aa1230d889daca352561f898d83aa329

  • SHA1

    35bc6b912cfcdef424aa2835d9421f0ba5d6d302

  • SHA256

    3816c836b3af21fcc7f05a71ad13b17aaa110be1ecee68aa18c22bf9729bca48

  • SHA512

    ecd08913e085f0332dd3a8b084384874d50940f6aada756ac6b72c65dffaccc65cb702f7887bca2874d97680bf611322599455e635c3795b57b081ee2fe36946

  • SSDEEP

    1572864:OVIyO5+l3RqxPbpxqz/uyyQFUBLVLIhzLowtp/sADMhNUw2A5e9:fd5+lhqh/07LowPDWle9

Score
10/10

Malware Config

Signatures

  • Detect Pysilon 1 IoCs
  • Pysilon family
  • Patched UPX-packed file 1 IoCs

    Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Detects Pyinstaller 1 IoCs
  • Unsigned PE 4 IoCs

    Checks for missing Authenticode signature.

Files

  • Phxnt0m-malware-main.rar
    .rar

    Password: sigma

  • Phxnt0m-malware-main/Phxnt0mware RAT - main/.github/ISSUE_TEMPLATE/bug_report.md
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/.github/ISSUE_TEMPLATE/feature_request.md
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/.github/ISSUE_TEMPLATE/if-you-are-unsure-pick-bug-report.md
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/.gitignore
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/CODE_OF_CONDUCT.md
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/CONTRIBUTING.md
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/LICENSE
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/Phxnt0m-linux.sh
    .sh linux
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/Phxnt0m.bat
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/Phxnt0m.key
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/builder.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/compiler.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/requirements.txt
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/__pycache__/discord_token_grabber.cpython-311.pyc
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/__pycache__/protections.cpython-311.pyc
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/crypto_clipper.json
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/custom_imports.ini
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/discord_token_grabber.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/get_cookies.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/icons/discord/messagebox-exclamation.png
    .png
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/icons/discord/messagebox-info.png
    .png
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/icons/discord/messagebox-question.png
    .png
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/icons/discord/messagebox-stop.png
    .png
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/icons/embed_icon.png
    .png
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/icons/icon.ico
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/libopus-0.x64.dll
    .dll windows:6 windows x64 arch:x64

    MD5: a16037b80461374dbaac126287be81b9

  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/misc.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/passwords_grabber.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/protections.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/audio_control.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/block_input.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/bsod.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/crypto_clipper.py
    .py .js
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/file_downloading.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/file_encryption.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/file_explorer.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/file_removal.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/file_uploading.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/fork_bomb.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/grabber.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/jumpscare.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/keylogger.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/keystrokes.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/live_microphone.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/messager.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/microphone_recording.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/monitor_control.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/process.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/registry.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/reverse_shell.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/screen_manipulation.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/screenrec.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/screenshot.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/texttospeech.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/webcam.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/website_blocker.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/uac_bypass.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/upx.exe
    .exe windows:4 windows x64 arch:x64

  • out.upx
    .exe windows:4 windows x64 arch:x64

  • Phxnt0m-malware-main/Phxnt0mware RAT - main/source.py
    .py .ps1
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/to_uninstall.txt
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/tools/drawling_studio/DrawlingStudio.bat
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/tools/drawling_studio/Runtime.exe
    .exe windows:6 windows x64 arch:x64

    MD5: 456e8615ad4320c9f54e50319a19df9c

  • discord_token_grabber.pyc
  • get_cookies.pyc
  • misc.pyc
  • passwords_grabber.pyc
  • source_prepared.pyc
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/tools/drawling_studio/assets/create_new.png
    .png
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/tools/drawling_studio/assets/icon.ico
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/tools/drawling_studio/main.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/tools/drawling_studio/requirements.txt
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/tools/drawling_studio/saves/previews/skull.png
    .png
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/tools/drawling_studio/saves/skull.drawdata
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/tools/drawling_studio/studio.py
  • Phxnt0m-malware-main/Phxnt0mware RAT - main/tools/splitter.py