General

  • Target

    2025-04-14_055c66efabe8a08249f361c25c268776_black-basta_cobalt-strike_satacom

  • Size

    540KB

  • Sample

    250414-3ez1qatmx6

  • MD5

    055c66efabe8a08249f361c25c268776

  • SHA1

    4e0fe1bd0268c3597f2174155b1644f26801eb75

  • SHA256

    3b3a3f2b9e4277b0a2398c052b16bcf4fd5bdddf6d5a9510d50eed2922e4909a

  • SHA512

    d9778db805d9b1946d52e07997661933f3ba50c88f25c51844e02a69f3bacffb42469d61313671a2db3b0a27b7312fb7f3ead9ad23e1f5d724c864f5924241d5

  • SSDEEP

    6144:biTqgf2uaWvLZTzkI1uIRInWa4P8I37tJbULD4VH:eTqgf2uakLV5MIRI8r/

Malware Config

Extracted

Family

phorphiex

C2

http://185.215.113.66/

http://185.39.17.124/

Wallets

TW3wpRJmZgC5WifuY468JBUCF3TEkzBT5H

qph44jx8r9k5xeq5cuf958krv3ewrnp5vc6hhdjd3r

rsXCXBf9SagxV8JfC12d8Bybk84oPdMNN9

AULzfBuUAPfCGAXoG5Vq14aP9s6fx3AH4Z

LdgchXq1sKbAaAJ1EXAPSRBzLb8jnTZstT

MF6iVGLmErYP9y4B9SwtzarDoy3ETSzYrh

4AtjkCVKbtEC3UEN77SQHuH9i1XkzNiRi5VCbA2XGsJh46nJSXfGQn4GjLuupCqmC57Lo7LvKmFUyRfhtJSvKvuw3h9ReKK

XryzFMFVpDUvU7famUGf214EXD3xNUSmQf

0x46e5cc402BC848ceC9f4d65c9B48aE7D7A24821B

15TssKwtjMtwy4vDLcLsQUZUD2B9f7eDjw85sBNVC5LRPPnC

1B8FF5WwJXNnjkVzxgPkAznVZ8uKb3Watx

ltc1qyfzdpxky7q2grz4zmqv5x0t0uwfuznl5u43c93

3PMiLynrGVZ8oEqvoqC4hXD67B1WoALR4pc

3GcQJkfHq7NWgBhhNKjz7uSfM6LzADpLvX

CSLKveRL2zqkbV2TqiFVuW6twtpqgFajoUZLAJQTTQk2

DLUzwvyxN1RrwjByUPPzVMdfxNRPGVRMMA

t1J6GCPCiHW1eRdjJgDDu6b1vSVmL5U7Twh

stars125f3mw4xd9htpsq4zj5w5ezm5gags37yxxh6mj

bnb1msyt0djx4ecspfxg5en0ye465kg3kmv9utzml2

bc1ppypcmu3684n648gyj62gjp2rw0xy7w3vwfamatlg29ajp4z52desafa0sr

Attributes

  • mutex

    x5x7x2x9x

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Targets


    • Phorphiex family

    • Phorphiex payload

    • Phorphiex (Phorpiex)

      Phorphiex, also spelled Phorpiex, is a malware family that infects systems in order to distribute other malicious payloads such as ransomware, stealers and cryptominers.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16
