Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
3aa0a31f343b949a91bd1ee0c6546cb4d21994e019dcd3026c1e6187a2561f14
-
Size
860KB
-
Sample
250311-1153rawqt9
-
MD5
70771cd18e2b4ba1d6418e1bcff40a77
-
SHA1
31209ff8d285ed77ab5083378246de371edbc83d
-
SHA256
3aa0a31f343b949a91bd1ee0c6546cb4d21994e019dcd3026c1e6187a2561f14
-
SHA512
f44512881710d76718da45fd43f1f2255d1a951ea13e724134795e06f60a6f12232ab9f550a75b951f22db8979d7558633def91776741930f7f9000ebfcdf135
-
SSDEEP
3072:fyBDE03tjf155Gb1QbhDBNYOd5AqVXtFk:vMtD155G2N5QQXtFk
Malware Config
Extracted
phorphiex
http://tldrbox.top/
http://92.63.197.225/
http://aeufoeahfouefhga.ru/
http://aefuaeufhueuufua.ru/
http://awduhawduhuhhaga.ru/
http://badaeduahedhhuaa.ru/
http://euuauudduufuugua.ru/
http://azezezbdndnnnsna.ru/
http://aegieuueueuuruia.ru/
http://awbnmnmammmamnra.ru/
http://ploaiedueaigzefa.ru/
http://eueuqundnndnsuda.ru/
http://eooeoeoririusfra.ru/
http://nbmbnmbembfaeura.ru/
http://euauueuueuruudga.ru/
http://afieifaieudhhuda.ru/
http://fauibdbebdbburua.ru/
http://aeufoeahfouefhgz.su/
http://aefuaeufhueuufuz.su/
http://awduhawduhuhhagz.su/
-
user_agent
Mozilla/5.0 (Linux; Android 7.0; SM-T813) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Safari/537.36
Targets
-
-
Target
3aa0a31f343b949a91bd1ee0c6546cb4d21994e019dcd3026c1e6187a2561f14
-
Size
860KB
-
MD5
70771cd18e2b4ba1d6418e1bcff40a77
-
SHA1
31209ff8d285ed77ab5083378246de371edbc83d
-
SHA256
3aa0a31f343b949a91bd1ee0c6546cb4d21994e019dcd3026c1e6187a2561f14
-
SHA512
f44512881710d76718da45fd43f1f2255d1a951ea13e724134795e06f60a6f12232ab9f550a75b951f22db8979d7558633def91776741930f7f9000ebfcdf135
-
SSDEEP
3072:fyBDE03tjf155Gb1QbhDBNYOd5AqVXtFk:vMtD155G2N5QQXtFk
Score10/10-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Phorphiex family
-
Phorphiex, Phorpiex
Phorphiex or Phorpiex Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2