phorphiex | 270763016622ee3b6a71dd86701219f353204bfb5a625d87e9ef7a559a88a175

Sharing

Copy URL

Twitter E-mail

General

Target

270763016622ee3b6a71dd86701219f353204bfb5a625d87e9ef7a559a88a175
Size

81KB
MD5

d000400aad10f6dbfa050ce99b2ca2fe
SHA1

6af4f8a6ef6abdaa628a6ea47b45b5c3372dc148
SHA256

270763016622ee3b6a71dd86701219f353204bfb5a625d87e9ef7a559a88a175
SHA512

ef4d2243873a1a578abd2e680c20665e6ec3339ffd011a0792c5ed69c7d928eb4b535ffa3a7b2f9c0191ac4ea8e13548e3a916bb07720fbc4a5ce2996106a255
SSDEEP

1536:gC5PA43vkQMeJkV3cOp58GHwZmdWtaHNeVMHk3geoogpmT:gYA43MteJkVMaZdAaHNeVMEQLR

Score

10^/10

phorphiex

Malware Config

Extracted

Family

phorphiex

http://185.215.113.66/

http://91.202.233.141/

http://193.233.132.177/

Wallets

0xAa3ea4838e8E3F6a1922c6B67E3cD6efD1ff175b

THRUoPK7oYqF7YyKZJvPYwTH35JsPZVPto

1Hw9tx4KyTq4oRoLVhPb4hjDJcLhEa4Tn6

qr89hag2967ef604ud3lw4pq8hmn69n46czwdnx3ut

XtxFdsKkRN3oVDXtN2ipcHeNi87basT2sL

LXMNcn9D8FQKzGNLjdSyR9dEM8Rsh9NzyX

rwn7tb5KQjXEjH42GgdHWHec5PPhVgqhSH

ARML6g7zynrwUHJbFJCCzMPiysUFXYBGgQ

48jYpFT6bT8MTeph7VsyzCQeDsGHqdQNc2kUkRFJPzfRHHjarBvBtudPUtParMkDzZbYBrd3yntWBQcsnVBNeeMbN9EXifg

3PL7YCa4akNYzuScqQwiSbtTP9q9E9PLreC

3FerB8kUraAVGCVCNkgv57zTBjUGjAUkU3

D9AJWrbYsidS9rAU146ifLRu1fzX9oQYSH

t1gvVWHnjbGTsoWXEyoTFojc2GqEzBgvbEn

bnb1cgttf7t5hu7ud3c436ufhcmy59qnkd09adqczd

bc1q0fusmmgycnhsd5cadsuz2hk8d4maausjfjypqg

bitcoincash:qr89hag2967ef604ud3lw4pq8hmn69n46czwdnx3ut

GAUCC7ZBSU2KJMHXOZD6AP5LOBGKNDPCDNRYP2CO2ACR63YCSUBNT5QE

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36

Signatures

Phorphiex family
phorphiex

Phorphiex payload 1 IoCs

resource	yara_rule
sample	family_phorphiex

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
270763016622ee3b6a71dd86701219f353204bfb5a625d87e9ef7a559a88a175

Files

270763016622ee3b6a71dd86701219f353204bfb5a625d87e9ef7a559a88a175
.exe windows:5 windows x86 arch:x86

24e3a14d31686a042f9eebb5c9549dc4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr90

_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
memcpy
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
wcscmp
wcslen
_except_handler3
strcmp
srand
strlen
mbstowcs
rand
memset
isalpha
isdigit
_crt_debugger_hook

wininet

InternetOpenA
InternetOpenUrlA
HttpQueryInfoA
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle

urlmon

URLDownloadToFileW

shlwapi

StrStrW
PathFindFileNameW

kernel32

GetLastError
ExitProcess
GetModuleFileNameW
CopyFileW
SetFileAttributesW
CreateThread
HeapValidate
GetProcessHeaps
HeapCreate
HeapSetInformation
GetCurrentProcessId
GetLocaleInfoA
CreateProcessW
CreateMutexA
WriteFile
DeleteFileW
CreateFileW
GetFileSize
CreateFileMappingA
MapViewOfFile
HeapAlloc
HeapFree
UnmapViewOfFile
CloseHandle
SetFilePointer
SetEndOfFile
GetModuleHandleW
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
ExpandEnvironmentStringsW
GetProcessHeap
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
lstrlenW
lstrcpynW
MultiByteToWideChar
ExitThread
GetTickCount
Sleep

user32

TranslateMessage
GetMessageA
CreateWindowExW
RegisterClassExW
wsprintfW
DefWindowProcA
ChangeClipboardChain
DispatchMessageA
GetClipboardData
IsClipboardFormatAvailable
SendMessageA
SetWindowLongW
SetClipboardViewer
GetWindowLongW
wsprintfA
OpenClipboard
SetClipboardData
EmptyClipboard
RegisterRawInputDevices
CloseClipboard

advapi32

CryptAcquireContextW
CryptEncrypt
CryptImportKey
CryptVerifySignatureA
CryptHashData
CryptCreateHash
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExW
RegOpenKeyExW
CryptDestroyKey

shell32

ShellExecuteW

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

euimggc
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cexnswp
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

24e3a14d31686a042f9eebb5c9549dc4

Headers

DLL Characteristics

File Characteristics

Imports

msvcr90

wininet

urlmon

shlwapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 916B

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 28KB - Virtual size: 29KB

euimggc Size: - Virtual size: 4KB

.zero Size: 31KB - Virtual size: 32KB

cexnswp Size: - Virtual size: 4KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 916B

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 28KB - Virtual size: 29KB

euimggc
Size: - Virtual size: 4KB

.zero
Size: 31KB - Virtual size: 32KB

cexnswp
Size: - Virtual size: 4KB