phorphiex | a815537901e8b0da0482719a8182f7444ee13003389121d283cff481f0b8383e | Triage

Submit
Reports

Overview

overview

Static

static

3

a815537901...eN.exe

windows7-x64

a815537901...eN.exe

windows10-2004-x64

Sharing

General

Target

a815537901e8b0da0482719a8182f7444ee13003389121d283cff481f0b8383eN.exe
Size

418KB
Sample

250115-1zx1rayjcj
MD5

d3e072cbf7566f7e60c2c4ae7689b390
SHA1

73f73a2287381db84ad7071c09a0359bb86f6e35
SHA256

a815537901e8b0da0482719a8182f7444ee13003389121d283cff481f0b8383e
SHA512

67ed87663d96f52697d96a2aef366728058b77f9889b8c875e12f20aa3ca86072b769b33d55c44acb9b794072759f11851d67a260185e2e50505cb49788d9068
SSDEEP

6144:Tyqx5ViWVR8hMdKBeZLGNf8Jmaun1fkCv1NKYQeGuDDZ/fpC7UEAsx5hg:+qxihMMBedJ9un1fkC3K3eGg1fM7Ms3+

Score

10^/10

phorphiex discovery evasion loader persistence trojan worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a815537901e8b0da0482719a8182f7444ee13003389121d283cff481f0b8383eN.exe

Resource

win7-20241010-en

phorphiex discovery evasion loader persistence trojan worm

windows7-x64

15 signatures

120 seconds

Behavioral task

behavioral2

Sample

a815537901e8b0da0482719a8182f7444ee13003389121d283cff481f0b8383eN.exe

Resource

win10v2004-20241007-en

phorphiex discovery evasion loader persistence trojan worm

windows10-2004-x64

14 signatures

120 seconds

Malware Config

Extracted

Family

phorphiex

C2

http://185.176.27.132/

http://urusurofhsorhfuuhr.su/

http://aeifaeifhutuhuhusr.su/

http://rzhsudhugugfugugsr.su/

http://bfagzzezgaegzgfair.su/

http://eaeuafhuaegfugeudr.su/

http://aeufuaehfiuehfuhfr.su/

http://daedagheauehfuuhfr.su/

http://aeoughaoheguaoehdr.su/

http://eguaheoghouughahsr.su/

http://huaeokaefoaeguaehr.su/

http://afaeigaifgsgrhhafr.su/

http://afaigaeigieufuifir.su/

http://geauhouefheuutiiir.su/

http://gaoheeuofhefefhutr.su/

http://gaouehaehfoaeajrsr.su/

http://gaohrhurhuhruhfsdr.su/

http://gaghpaheiafhjefijr.su/

http://gaoehuoaoefhuhfugr.su/

http://aegohaohuoruitiier.su/

http://befaheaiudeuhughgr.su/

http://urusurofhsorhfuuhz.io/

http://aeifaeifhutuhuhusz.io/

http://rzhsudhugugfugugsz.io/

Wallets

18bzpjFfo5JQ41GzzUNRMgcE7WwQwpqFrR

qzrlc85n7vu220yz2ev2vzdyanzpewfx4y9ntufhuz

XhEqUEiD1bLxA8mRePYqLSqzZfLXp1X74m

D6tmLUzcMLo6iMCjG8NCgTefkn5tw3L5Lm

0xab1b250d67d08bf73ac864ea57af8cf762a29649

LhGa2pRATCyusFbYRhJSoyXrx3om9Yxnca

t1ZaBJjdvxKaqTmNV2qjDVK3FtpLL73ZXcj

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0

Targets

- Target
  
  a815537901e8b0da0482719a8182f7444ee13003389121d283cff481f0b8383eN.exe
- Size
  
  418KB
- MD5
  
  d3e072cbf7566f7e60c2c4ae7689b390
- SHA1
  
  73f73a2287381db84ad7071c09a0359bb86f6e35
- SHA256
  
  a815537901e8b0da0482719a8182f7444ee13003389121d283cff481f0b8383e
- SHA512
  
  67ed87663d96f52697d96a2aef366728058b77f9889b8c875e12f20aa3ca86072b769b33d55c44acb9b794072759f11851d67a260185e2e50505cb49788d9068
- SSDEEP
  
  6144:Tyqx5ViWVR8hMdKBeZLGNf8Jmaun1fkCv1NKYQeGuDDZ/fpC7UEAsx5hg:+qxihMMBedJ9un1fkC3K3eGg1fM7Ms3+
Score

10^/10

phorphiex discovery evasion loader persistence trojan worm
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Phorphiex family
  phorphiex
- Phorphiex payload
- Phorphiex, Phorpiex
  Phorphiex or Phorpiex Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phorphiexdiscoveryevasionloaderpersistencetrojanworm

behavioral2

phorphiexdiscoveryevasionloaderpersistencetrojanworm

© 2018-2025

Terms | Privacy