MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b3260201ea9fb85f2374c809140463ae0e47398c1c8a0c07e54724f82a34c71. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PhoenixStealer

Vendor detections: 9



SHA256 hash: 6b3260201ea9fb85f2374c809140463ae0e47398c1c8a0c07e54724f82a34c71
SHA3-384 hash: 33a6ded08d0e72e833231accd77e078ace019599c3ded3671f262cad742240ee36a51b5071f1b4bd7dbf21af6705390c
SHA1 hash: 12ab2f870432381662ca2c3390026b585a3a3422
MD5 hash: cab000059d249508c491d28e0fecc84e
humanhash: spaghetti-one-massachusetts-asparagus
File name: 52768773.exe
Signature: PhoenixStealer
File size: 1'136'792 bytes
First seen: 2022-03-22 19:18:56 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 445554923421947cbff896012e27345a (301 x RedLineStealer, 11 x RaccoonStealer, 5 x CoinMiner)
ssdeep: 24576:YUP6I3u+NR+MhooPKywTqPaW0Avw/qMviuuw19VZ1kEaHNYK3v7oy3NVzLa:Ya6I3nNR+MhfL9OAoiM1usNaxU6NVa
Threatray: 1'869 similar samples on MalwareBazaar
TLSH: T17835330664F8B81CC44F76B1789AF65C0A0B3694F6D16BAF739AC3C2460F5C95127BB8
Reporter: adm1n_usa32
Tags: exe PhoenixStealer

Intelligence

File Origin
# of uploads: 1
# of downloads: 185
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Searching for the window
Launching a process
Creating synchronization primitives
Unauthorized injection to a system process
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: overlay packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Phoenix Stealer
Detection: malicious
Classification: troj.spyw.evad
Score: 92 / 100
Behaviour
Behavior Graph: n/a
Threat name: Win32.Infostealer.Phoenix
Status: Malicious
First seen: 2022-03-18 02:18:50 UTC
File Type: PE (Exe)
AV detection: 32 of 42 (76.19%)
Threat level: 5/5
Result
Malware family: phoenixstealer
Score: 10/10
Tags: family:phoenixstealer stealer
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
PhoenixStealer
Unpacked files
SHA256 hash: d5afd77fafeae78b5a0d0ab899cbb9674b7e49cff08c602d44fd8f8a8e353ebc
MD5 hash: bc725d4606d99e92eed6c09d94b865b8
SHA1 hash: cc33d173ca9c6a8a6821f22027dbace5cef06349
SHA256 hash: 97a3428c774ce2045938bcf8860679e446030a9cd6513f6427c904a5521e81c3
MD5 hash: 223a82af52fa9d097c3eaaeb283fb870
SHA1 hash: c46df983a3acd3e14e8a636c81a9de2b7247b6bb
SHA256 hash: 6b3260201ea9fb85f2374c809140463ae0e47398c1c8a0c07e54724f82a34c71
MD5 hash: cab000059d249508c491d28e0fecc84e
SHA1 hash: 12ab2f870432381662ca2c3390026b585a3a3422
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments