Overview

overview

8

Static

static

sphinx_1.0...ir.exe

windows7_x64

8

sphinx_1.0...ir.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sphinx_1.0.0.0.vir

  • Size

    1.6MB

  • Sample

    200719-khthxm64q2

  • MD5

    9f6d20d788c7cc43f05c30249cb743fa

  • SHA1

    f94698dd370ff396d2203b0ce4f6c91c234d11ff

  • SHA256

    18f150bc5cab780a4eaf35e198bb343497528b4095613ab48a8585c5caa937b5

  • SHA512

    769a8fb1ceb96f52b73667093910f84d738155dbfe60abd90184cad8b3cd6b449f7040f7b3bf3fd825e5ddfacfb93590bb1fb98c03fb687da0d91283fb08df68

Score
8/10
persistence

Malware Config

Targets

    • Target

      sphinx_1.0.0.0.vir

    • Size

      1.6MB

    • MD5

      9f6d20d788c7cc43f05c30249cb743fa

    • SHA1

      f94698dd370ff396d2203b0ce4f6c91c234d11ff

    • SHA256

      18f150bc5cab780a4eaf35e198bb343497528b4095613ab48a8585c5caa937b5

    • SHA512

      769a8fb1ceb96f52b73667093910f84d738155dbfe60abd90184cad8b3cd6b449f7040f7b3bf3fd825e5ddfacfb93590bb1fb98c03fb687da0d91283fb08df68

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks