General

  • Target

    2025-04-14_93d2c946a17daff942967db7cbd2f10b_black-basta_cobalt-strike_elex_luca-stealer

  • Size

    201KB

  • Sample

    250414-3md38ay1es

  • MD5

    93d2c946a17daff942967db7cbd2f10b

  • SHA1

    4ec8adc121dcbcf698fc5314c3bf7ba4aa4b4fe9

  • SHA256

    09b8490826c6c7e8dbe198bc366d856d72686a8ab714b37c6c6add660ad648cd

  • SHA512

    371cb0be6b19f6584eb738bf6a8ba6f3c330055d4ca6ba96fed7b79f788741bfbec23de62b2f92730018c4bc92ab247e1d32fc75d301e9e5e28b4b5bae2dc01e

  • SSDEEP

    3072:lBCMHTzBmRFUbvcHmB/u16YG22TmKieYoYvV7HFUFhUl1MZPX:lb5mvU7lu0pdMoAV7HFsc1SX

Malware Config

Extracted

Family

phorphiex

C2

http://185.215.113.66/

http://185.39.17.124/

Wallets

TW3wpRJmZgC5WifuY468JBUCF3TEkzBT5H

qph44jx8r9k5xeq5cuf958krv3ewrnp5vc6hhdjd3r

rsXCXBf9SagxV8JfC12d8Bybk84oPdMNN9

AULzfBuUAPfCGAXoG5Vq14aP9s6fx3AH4Z

LdgchXq1sKbAaAJ1EXAPSRBzLb8jnTZstT

MF6iVGLmErYP9y4B9SwtzarDoy3ETSzYrh

4AtjkCVKbtEC3UEN77SQHuH9i1XkzNiRi5VCbA2XGsJh46nJSXfGQn4GjLuupCqmC57Lo7LvKmFUyRfhtJSvKvuw3h9ReKK

XryzFMFVpDUvU7famUGf214EXD3xNUSmQf

0x46e5cc402BC848ceC9f4d65c9B48aE7D7A24821B

15TssKwtjMtwy4vDLcLsQUZUD2B9f7eDjw85sBNVC5LRPPnC

1B8FF5WwJXNnjkVzxgPkAznVZ8uKb3Watx

ltc1qyfzdpxky7q2grz4zmqv5x0t0uwfuznl5u43c93

3PMiLynrGVZ8oEqvoqC4hXD67B1WoALR4pc

3GcQJkfHq7NWgBhhNKjz7uSfM6LzADpLvX

CSLKveRL2zqkbV2TqiFVuW6twtpqgFajoUZLAJQTTQk2

DLUzwvyxN1RrwjByUPPzVMdfxNRPGVRMMA

t1J6GCPCiHW1eRdjJgDDu6b1vSVmL5U7Twh

stars125f3mw4xd9htpsq4zj5w5ezm5gags37yxxh6mj

bnb1msyt0djx4ecspfxg5en0ye465kg3kmv9utzml2

bc1ppypcmu3684n648gyj62gjp2rw0xy7w3vwfamatlg29ajp4z52desafa0sr

Attributes

  • mutex

    x5x7x2x9x

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Targets

    • Target

      2025-04-14_93d2c946a17daff942967db7cbd2f10b_black-basta_cobalt-strike_elex_luca-stealer

    • Phorphiex family

    • Phorphiex payload

    • Phorphiex, Phorpiex

      Phorphiex (also spelled Phorpiex) is a malware family that infects systems in order to distribute other malicious payloads such as ransomware, stealers and cryptominers.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks