MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3d962cb2d57680fd29df911af87220c4b614bbd34ea1010abb7e7005f352120a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Phorpiex


Vendor detections: 12


Intelligence 12 IOCs YARA 2 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3d962cb2d57680fd29df911af87220c4b614bbd34ea1010abb7e7005f352120a
SHA3-384 hash: 0fea1a2b6b0f84cbcf2ef1ab671caa082726090e3b2137e263e6ea45f909ae8e016b1737d403c7d1027352a7c15145b7
SHA1 hash: e24860711bdbdee2e20e150d34d7fe166307fe32
MD5 hash: 40c4226bf91bddacc0b0283963fd7b71
humanhash: venus-beer-cup-arkansas
File name:40c4226bf91bddacc0b0283963fd7b71
Download: download sample
Signature Phorpiex
Create hunting rule
File size:20'992 bytes
First seen:2022-08-19 15:15:15 UTC
Last seen:2022-08-19 16:16:58 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash eb9ecade5150c0b948e3fb49490e42b4 (4 x Phorpiex)
ssdeep 384:+9r+d0ZQLc01PpjeFibYTJ4JVB0+A3A1jxb5+AFjp1o2:mr+v5PpjVYA036jxDFjp
Threatray 22 similar samples on MalwareBazaar
TLSH T1D992E60A9955636EE4752430A3733E3EB039B937234D88DFDA8406B555A8ED1FB3334A
TrID 42.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
17.0% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
13.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
11.6% (.EXE) Win32 Executable (generic) (4505/5/1)
5.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter zbetcheckin
Tags:32 exe Phorpiex

Intelligence

File Origin
# of uploads :
2
# of downloads :
325
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
40c4226bf91bddacc0b0283963fd7b71
Verdict:
No threats detected
Analysis date:
2022-08-19 15:17:03 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/04ec2ac7-4ff9-4863-b193-0e7e9ce703fe

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/299788/
Detection(s):
SecuriteInfo.com.Variant.Doina.30661.25316.8236.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Searching for the window
Sending a custom TCP request
Changing an executable file
Infecting executable files
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/29506/overview
Behaviour
MalwareBazaar
CallSleep
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
fuerboos phorpiex
Link:
https://www.filescan.io/uploads/62ffa9732093f73528702d1a/reports/0acd50c8-eb08-4f43-a3f9-65c74e8c94d8/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Phorpiex
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f68a2fd2-8b9e-4608-8c11-0dc58b0d09a4
Result
Threat name:
Phorpiex
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/1054476
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found evasive API chain (may stop execution after checking mutex)
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Phorpiex
Behaviour
Behavior Graph:
Download SVG
Detection:
phorpiex
Create hunting rule
Link:
https://mwdb.cert.pl/sample/3d962cb2d57680fd29df911af87220c4b614bbd34ea1010abb7e7005f352120a/
Threat name:
Win32.Trojan.Patched
Create hunting rule
Status:
Malicious
First seen:
2022-08-19 15:16:07 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
28 of 39 (71.79%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hwlczmwvo2ap2ko7senpq4rays3bjo6tj2qqccv3pzyal42scifa._file
Verdict:
malicious
Similar samples:
2480a9b260108a5cd8630419c5d76fc359d926970cb4a71926924ce56ccad98b
Phorpiex
38637b0bf898df12f7549c595eb255b38995e8da8058bff700428d90e98052c1
Phorpiex
68657be04f5b550fec4671437e5dc5849408eada96f5ff44cb0972b0e28ca5be
Phorpiex
6b8db690c42dd36a718e9265d3aff27ef22e4c3cfcc686f075935f25540b2256
Phorpiex
7fff83cae8e0c8848bfdef443f51b5caea1474814c5d1691f0ccf0f3bcd7392a
Phorpiex
83dedf11eef47762c075437c42ef5c89ac69510a7712b54811de55c6d5e7e72c
Phorpiex
ba7a55b17174de39cb44b553a52de3d0b3c979d37104a5ad1580cb97a8acc800
Phorpiex
d03c04a685a0a4f735c0456cb4d1073792a19ea0fbf18a0c28d7b445798a4a18
Phorpiex
daae9853987194a9b7c36d8ddfe8f7cb6046ff8e73a575c4500d77a368f33808
Phorpiex
f8a3b64aa3c1c639a5ce1b100de860d4f97703879df0d01ce0118ae97c1b7423
Phorpiex
+ 12 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/220819-snfnbshfe3/
Behaviour
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
3d962cb2d57680fd29df911af87220c4b614bbd34ea1010abb7e7005f352120a
MD5 hash:
40c4226bf91bddacc0b0283963fd7b71
SHA1 hash:
e24860711bdbdee2e20e150d34d7fe166307fe32
Link:
https://www.unpac.me/results/895db8d5-1568-4577-b688-7b6cef4edea0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3d962cb2d57680fd29df911af87220c4b614bbd34ea1010abb7e7005f352120a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BitcoinAddress
Create hunting rule
Author:Didier Stevens (@DidierStevens)
Description:Contains a valid Bitcoin address
Rule name:meth_stackstrings
Create hunting rule
Author:Willi Ballenthin

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Phorpiex

Executable exe 3d962cb2d57680fd29df911af87220c4b614bbd34ea1010abb7e7005f352120a

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1961882/
  
URLhaus
https://urlhaus.abuse.ch/url/2274783/
Cape
Cape
https://www.capesandbox.com/analysis/299788/

Comments


Avatar
zbet commented on 2022-08-19 15:15:19 UTC

url : hxxp://185.215.113.66/peinf.exe