MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b3260201ea9fb85f2374c809140463ae0e47398c1c8a0c07e54724f82a34c71. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PhoenixStealer

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	6b3260201ea9fb85f2374c809140463ae0e47398c1c8a0c07e54724f82a34c71
SHA3-384 hash:	33a6ded08d0e72e833231accd77e078ace019599c3ded3671f262cad742240ee36a51b5071f1b4bd7dbf21af6705390c
SHA1 hash:	12ab2f870432381662ca2c3390026b585a3a3422
MD5 hash:	cab000059d249508c491d28e0fecc84e
humanhash:	spaghetti-one-massachusetts-asparagus
File name:	52768773.exe
Download:	download sample
Signature	PhoenixStealer Create hunting rule
File size:	1'136'792 bytes
First seen:	2022-03-22 19:18:56 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	445554923421947cbff896012e27345a (301 x RedLineStealer, 11 x RaccoonStealer, 5 x CoinMiner)
ssdeep	24576:YUP6I3u+NR+MhooPKywTqPaW0Avw/qMviuuw19VZ1kEaHNYK3v7oy3NVzLa:Ya6I3nNR+MhfL9OAoiM1usNaxU6NVa
Threatray	1'869 similar samples on MalwareBazaar
TLSH	T17835330664F8B81CC44F76B1789AF65C0A0B3694F6D16BAF739AC3C2460F5C95127BB8
Reporter	adm1n_usa32
Tags:	exe PhoenixStealer

Intelligence

File Origin

# of uploads :

1

# of downloads :

185

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Alfonoso

Link:

https://www.capesandbox.com/analysis/255148/

Detection(s):

PUA.Win.Packer.Asprotect-3

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Launching a process

Сreating synchronization primitives

Unauthorized injection to a system process

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

overlay packed

Link:

https://www.filescan.io/uploads/623a21470cd58dbd92d8d937/reports/cecdf454-60c3-4c67-aa84-3b4f20a29122/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/facc5444-d140-47c7-b078-72f00dff0563

Result

Threat name:

Phoenix Stealer

Detection:

malicious

Classification:

troj.spyw.evad

Score:

92 / 100

Link:

https://www.joesandbox.com/analysis/962016

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6b3260201ea9fb85f2374c809140463ae0e47398c1c8a0c07e54724f82a34c71/

Threat name:

Win32.Infostealer.Phoenix

Status:

Malicious

First seen:

2022-03-18 02:18:50 UTC

File Type:

PE (Exe)

AV detection:

32 of 42 (76.19%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

10280ae883a86aae151fbceaf56912f5b71f6e1432ee59d21cda735885425a2b

15a772d0dcbde0cffde9b58be5007244fd23159daaa67110f53259ffff69b3c9

3cc17e8a578397b8dad4299539f31925ea3777455d112dafbaf7df283c7cb11e

7a76c39cebc89415a125d7773796ac539e0fc0f36a4663ec0ec75fec0d46bb7c

7e62498496831d872b6d34b51ec02d3fcc07bd4db925899e9a7026c70908a526

a2ab9acad51433ee88a2558ad59f5171b8bc3da7ffe80818423d478f94adf618

a97397b1d9ac7e1b1aab153d2529680c0d6f0977c9e2f68c3febd1661629dbe1

bbacec1344afa67e7e3aef7ac9f286d46d73ae5af3c45763f2536c7eb143b9e4

bf3208f8363c2f4c8f0c431ec05376c3b1fefff9175423bb242755173229308e

c153071c43613a6ff4c454e3fda8c29ac41908fa8e6dab9d9f021e9263b456a2

+ 1'859 additional samples on MalwareBazaar

Result

Malware family:

phoenixstealer

Score:

10/10

Tags:

family:phoenixstealer stealer

Link:

https://tria.ge/reports/220322-x1h2fahah5/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

PhoenixStealer

Unpacked files

SH256 hash:

d5afd77fafeae78b5a0d0ab899cbb9674b7e49cff08c602d44fd8f8a8e353ebc

MD5 hash:

bc725d4606d99e92eed6c09d94b865b8

SHA1 hash:

cc33d173ca9c6a8a6821f22027dbace5cef06349

Link:

https://www.unpac.me/results/04ecd9c9-f945-4f96-b6eb-bde7788d7040/

SH256 hash:

97a3428c774ce2045938bcf8860679e446030a9cd6513f6427c904a5521e81c3

MD5 hash:

223a82af52fa9d097c3eaaeb283fb870

SHA1 hash:

c46df983a3acd3e14e8a636c81a9de2b7247b6bb

Link:

https://www.unpac.me/results/04ecd9c9-f945-4f96-b6eb-bde7788d7040/

SH256 hash:

6b3260201ea9fb85f2374c809140463ae0e47398c1c8a0c07e54724f82a34c71

MD5 hash:

cab000059d249508c491d28e0fecc84e

SHA1 hash:

12ab2f870432381662ca2c3390026b585a3a3422

Link:

https://www.unpac.me/results/04ecd9c9-f945-4f96-b6eb-bde7788d7040/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/6b3260201ea9fb85f2374c809140463ae0e47398c1c8a0c07e54724f82a34c71

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/255148/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample