MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51455bce4f49061e859cb4cc830f9d4b3478f9c7082b7b9f55febc68234a06f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Phorpiex


Vendor detections: 20



SHA256 hash: 51455bce4f49061e859cb4cc830f9d4b3478f9c7082b7b9f55febc68234a06f7
SHA3-384 hash: b75762d0cdf4b6156ce66c36320b17379eb751253ec7543a7a586d9446984d76e89304a86b535c6f1787064a9dcb69fc
SHA1 hash: 3ac48c857e66380ec16f636ac969aba1be5dbb6e
MD5 hash: 6ff808f90c532747835e5346945412f6
humanhash: november-eight-quebec-uniform
File name: file
Signature: Phorpiex
File size: 81'920 bytes
First seen: 2025-11-18 03:31:05 UTC
Last seen: 2026-02-08 11:20:21 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f7da79b7c3f003ced1454bf7330a5f87 (5 x Phorpiex)
ssdeep: 1536:E2qBXVOFmav82jRVzEf4mYttRWe/Rcl0Btudwg8:1qxnOrRVzZms3WXMtuh8
TLSH: T14D833800F6D0923AF4F640FBE2F756A9282CEFB4130644E7539165AFAB209D5BD3146B
TrID: 33.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
      21.3% (.EXE) Win64 Executable (generic) (10522/11/4)
      13.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      10.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
      9.1% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika: pebin
Reporter: Bitsight
Tags: dropped-by-phorpiex exe Phorpiex


Bitsight (reporter): url: http://195.178.136.19/gnul

Intelligence


File Origin
# of uploads: 7'382
# of downloads: 131
Origin country: SG

Vendor Threat Intelligence

Malware family: phorpiex
ID: 1
File name: file
Verdict: Malicious activity
Analysis date: 2025-11-18 03:32:09 UTC
Tags: auto-reg botnet phorpiex

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 97.4%
Tags: downloader dropper remo

Result
Verdict: Malware
Maliciousness:
Behaviour:
Creating synchronization primitives
Creating a file in the Windows directory
Enabling the 'hidden' option for recently created files
Creating a process from a recently created file
DNS request
Creating a window
Connection attempt
Sending a UDP request
Creating a file
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Connection attempt to an infection source
Creating a file in the mass storage device
Sending an HTTP GET request to an infection source
Enabling threat expansion on mass storage devices

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: babar crypto explorer fingerprint lolbin microsoft_visual_cc phorpiex

Verdict: Malicious
File Type: exe x32
First seen: 2025-11-18T00:35:00Z UTC
Last seen: 2025-11-20T01:34:00Z UTC
Hits: ~10000
Detections: Trojan.Win32.Agent.sb, Trojan.Win32.Patched.rw, HEUR:Worm.Win32.Generic, HEUR:Virus.Win32.Zeropi.gen, HEUR:Trojan-Downloader.Win32.Agent.gen, HEUR:Trojan-Banker.Win32.Phorpiex.gen, HEUR:Trojan.Win32.Agent.gen, Trojan.Agentb.UDP.C&C, HEUR:Trojan.Win32.Generic, Trojan-Dropper.Win32.Dorifel.sbc, Trojan-Banker.Win32.ClipBanker.sb, Trojan.Win32.Zonidel.sb, RiskTool.BitCoinMiner.TCP.C&C, BSS:Trojan.Win32.Generic

Verdict: inconclusive
YARA: 4 match(es)
Tags: Executable PE (Portable Executable) PE File Layout Win 32 Exe x86

Threat name: Win32.Worm.Phorpiex
Status: Malicious
First seen: 2025-11-18 03:31:23 UTC
File Type: PE (Exe)
AV detection: 19 of 24 (79.17%)

Threat level: 5/5
Verdict: malicious
Label(s): unc_loader_055 phorpiex
Similar samples:

Result
Malware family: phorphiex
Score: 10/10
Tags: family:phorphiex discovery loader persistence spyware stealer trojan worm
Behaviour:
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Drops file in Windows directory
Adds Run key to start application
Executes dropped EXE
Reads user/profile data of web browsers
Phorphiex family
Phorphiex payload
Phorphiex, Phorpiex
Malware Config
C2 Extraction:
http://178.16.54.109/
http://195.178.136.19/
178.16.54.109
Unpacked files
SHA256 hash: 51455bce4f49061e859cb4cc830f9d4b3478f9c7082b7b9f55febc68234a06f7
MD5 hash: 6ff808f90c532747835e5346945412f6
SHA1 hash: 3ac48c857e66380ec16f636ac969aba1be5dbb6e

Please note that we are no longer able to provide a coverage score for VirusTotal.
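The script below is an added example, not MalwareBazaar's or the reporter's code. It does the two checks a practitioner would run with this entry in hand: it compares a locally downloaded file against the SHA256, SHA3-384, SHA1, MD5 and file size published above (the file is named just "file", so the hashes are the only proof you are holding this sample), and it runs the network indicators from the C2 extraction and the reporter's URL over Squid-style proxy log lines. The hashes, size and indicators are copied from the entry; the log lines, the client addresses and the function names are constructed for the example.

```python
"""Added example, not MalwareBazaar's code.

Verifies a local file against the hashes published for this entry and scans
proxy log lines for the network indicators listed under "Malware Config" and in
the reporter's note. Hashes, size and indicators are copied from the entry;
the log lines and client addresses are constructed for illustration.
"""
import hashlib
import re
from urllib.parse import urlparse

# Hashes published on this page for the sample (hashlib algorithm name -> hex digest).
PUBLISHED_HASHES = {
    "sha256": "51455bce4f49061e859cb4cc830f9d4b3478f9c7082b7b9f55febc68234a06f7",
    "sha3_384": "b75762d0cdf4b6156ce66c36320b17379eb751253ec7543a7a586d9446984d76e89304a86b535c6f1787064a9dcb69fc",
    "sha1": "3ac48c857e66380ec16f636ac969aba1be5dbb6e",
    "md5": "6ff808f90c532747835e5346945412f6",
}
PUBLISHED_SIZE = 81920  # "File size: 81'920 bytes"

# Network indicators: the C2 extraction plus the URL in the reporter's note.
C2_HOSTS = {"178.16.54.109", "195.178.136.19"}
C2_URLS = {
    "http://178.16.54.109/",
    "http://195.178.136.19/",
    "http://195.178.136.19/gnul",
}


def hash_bytes(data: bytes) -> dict:
    """Compute every published hash type over the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in PUBLISHED_HASHES}


def matches_published(data: bytes) -> dict:
    """Per-hash and size comparison against the entry. Treat the file as this
    sample only if every value is True; a mismatch on any one means a different
    file, whatever it is named."""
    digests = hash_bytes(data)
    result = {name: digests[name] == expected for name, expected in PUBLISHED_HASHES.items()}
    result["size"] = len(data) == PUBLISHED_SIZE
    return result


def check_file(path: str) -> dict:
    """Read a downloaded sample from disk and compare it with the entry."""
    with open(path, "rb") as fh:
        return matches_published(fh.read())


# Squid native access.log format. Constructed lines, not real traffic; the
# first two mimic the HTTP GET requests the sandbox reports reaching the C2 hosts.
SAMPLE_LOG = """\
1763436665.123    312 10.0.0.17 TCP_MISS/200 81920 GET http://195.178.136.19/gnul - HIER_DIRECT/195.178.136.19 application/octet-stream
1763436666.456     45 10.0.0.17 TCP_MISS/200 2048 GET http://178.16.54.109/ - HIER_DIRECT/178.16.54.109 text/html
1763436667.789     20 10.0.0.42 TCP_HIT/200 5120 GET http://example.com/index.html - HIER_NONE/- text/html
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+(?P<client>\S+)\s+\S+\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def find_c2_hits(log_text: str) -> list:
    """Return one record per log line whose URL host is a listed C2 host.
    Matching on the host rather than the exact URL also catches other paths on
    the same server; exact_url flags URLs the entry lists verbatim."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = m.group("url")
        host = urlparse(url).hostname
        if host in C2_HOSTS or url in C2_URLS:
            hits.append({
                "ts": m.group("ts"),
                "client": m.group("client"),
                "url": url,
                "bytes": int(m.group("bytes")),
                "exact_url": url in C2_URLS,
            })
    return hits


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG):
        print(f"{hit['client']} fetched {hit['url']} ({hit['bytes']} bytes)")
```

The fuzzy hashes on the page (ssdeep, TLSH) are deliberately not computed here: they need third-party libraries, and they are for finding related samples, not for confirming identity, which the exact digests above already settle. Note that both hosts in the C2 extraction are bare IP addresses, so DNS-based blocking would not see these requests; the proxy or firewall log is where they show up.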

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:shellcode
Author:nex
Description:Matched shellcode byte patterns

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
  Phorpiex
    Executable exe 51455bce4f49061e859cb4cc830f9d4b3478f9c7082b7b9f55febc68234a06f7 (this sample)

Dropped by: Phorpiex
Delivery method: Distributed via web download

Comments