phorphiex | aed4ab578ba8613117a2132bee215cdc3b360a1d9f993ad937ed3eecd7e9f3e6 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

0x00090000...13.exe

windows7-x64

0x00090000...13.exe

windows10-2004-x64

Sharing

General

Target

0x00090000000186d2-13.dat
Size

13KB
Sample

250322-y1x12aztbt
MD5

181921fd5d4f7e043b446392233698ee
SHA1

0f710714ea4c01446dcb2ea4f29256fd53633f5c
SHA256

aed4ab578ba8613117a2132bee215cdc3b360a1d9f993ad937ed3eecd7e9f3e6
SHA512

a04699fa408ceb79f89cf61f2bea6ab85b6d93b52989f7d5ba6bdb22964fe8bc2a19aa3e1a02b063b11f8a63f3d3582ba0a621b97d911c27e2010fe9df5c6172
SSDEEP

96:Rn5yFlc1etNBv+B+d4DMwDLxZO7i+/f3FXT/fKFJxGE9b+z2FFhVC7tCEfd:XyketNBm3zZO2+HFHKFJxTZ+zmFhGf

Score

10^/10

phorphiex xmrig defense_evasion discovery execution loader miner persistence spyware stealer trojan upx worm

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0x00090000000186d2-13.exe

Resource

win7-20240729-en

phorphiex xmrig defense_evasion discovery execution loader miner persistence spyware stealer trojan upx worm

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

0x00090000000186d2-13.exe

Resource

win10v2004-20250314-en

phorphiex xmrig defense_evasion discovery execution loader miner persistence spyware stealer trojan upx worm

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

phorphiex

C2

http://185.215.113.66

185.215.113.66

Targets

- Target
  
  0x00090000000186d2-13.dat
- Size
  
  13KB
- MD5
  
  181921fd5d4f7e043b446392233698ee
- SHA1
  
  0f710714ea4c01446dcb2ea4f29256fd53633f5c
- SHA256
  
  aed4ab578ba8613117a2132bee215cdc3b360a1d9f993ad937ed3eecd7e9f3e6
- SHA512
  
  a04699fa408ceb79f89cf61f2bea6ab85b6d93b52989f7d5ba6bdb22964fe8bc2a19aa3e1a02b063b11f8a63f3d3582ba0a621b97d911c27e2010fe9df5c6172
- SSDEEP
  
  96:Rn5yFlc1etNBv+B+d4DMwDLxZO7i+/f3FXT/fKFJxGE9b+z2FFhVC7tCEfd:XyketNBm3zZO2+HFHKFJxTZ+zmFhGf
Score

10^/10

phorphiex xmrig defense_evasion discovery execution loader miner persistence spyware stealer trojan upx worm
- Phorphiex family
  phorphiex
- Phorphiex, Phorpiex
  Phorphiex or Phorpiex Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Creates new service(s)
  persistence execution
- Downloads MZ/PE file
- Stops running service(s)
  defense_evasion execution
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

phorphiexxmrigdefense_evasiondiscoveryexecutionloaderminerpersistencespywarestealertrojanupxworm

behavioral2

phorphiexxmrigdefense_evasiondiscoveryexecutionloaderminerpersistencespywarestealertrojanupxworm

© 2018-2025

Terms | Privacy