MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9dfff09e8395e8d195eaadf35bfb371eea2bf78d6842d7a26623c2824bb8826e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Phorpiex


Vendor detections: 13


Intelligence 13 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9dfff09e8395e8d195eaadf35bfb371eea2bf78d6842d7a26623c2824bb8826e
SHA3-384 hash: 00c45068c0cd3f1a1398f22807b0ba757f49ef7b9eabf9d5854d541160cb89362d596224f85d0f208948ca465428e05c
SHA1 hash: 6a4e4053cc21fc6691729f48993810b1e0158d22
MD5 hash: 19f9138f63339e4baa31f5088524f4d1
humanhash: cat-oscar-two-bravo
File name:19f9138f63339e4baa31f5088524f4d1.exe
Download: download sample
Signature Phorpiex
Create hunting rule
File size:16'896 bytes
First seen:2023-02-15 15:46:08 UTC
Last seen:2023-02-15 18:31:42 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e7d27077f1511bf9797c383cdf944810 (3 x Phorpiex)
ssdeep 192:owSSz9XfaKuwfWf8a/NN6BeT/tX1Y+8J4pfVBcF7Y2lP1oynrS1HPnr:tpiPG4cAtlYxJ4JVB00s1VSpr
Threatray 32 similar samples on MalwareBazaar
TLSH T14772E6039565539BEA722470A7772E25A038BD35132E99DFBBC0097C2664ED0FB33396
TrID 40.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
16.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
12.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
11.0% (.EXE) Win32 Executable (generic) (4505/5/1)
5.0% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter abuse_ch
Tags:exe Phorpiex

Intelligence

File Origin
# of uploads :
2
# of downloads :
220
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
19f9138f63339e4baa31f5088524f4d1.exe
Verdict:
Malicious activity
Analysis date:
2023-02-15 15:59:52 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/5befdaff-3522-4cb8-81b5-3b4a0d783cbc

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/366759/
Detection(s):
SecuriteInfo.com.Variant.Zusy.448400.28155.19148.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Changing an executable file
Infecting executable files
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/70453/overview
Behaviour
MalwareBazaar
CallSleep
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
67%
Link:
https://www.filescan.io/uploads/63ecfe7745632f5c85b37fc2/reports/be0fdb7c-8b80-4ed2-acd5-e445ceef3939/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/9dfff09e8395e8d195eaadf35bfb371eea2bf78d6842d7a26623c2824bb8826e
Result
Verdict:
MALICIOUS
Malware family:
Phorpiex
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/93f109f1-03b6-46f4-bfd2-aa1e26392ebf
Result
Threat name:
Phorpiex
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/1175860
Behaviour
Behavior Graph:
n/a
Detection:
phorpiex
Create hunting rule
Link:
https://mwdb.cert.pl/sample/9dfff09e8395e8d195eaadf35bfb371eea2bf78d6842d7a26623c2824bb8826e/
Threat name:
Win32.Trojan.Zusy
Create hunting rule
Status:
Malicious
First seen:
2023-02-15 15:47:05 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
13 of 25 (52.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tx77bhudsxundfpkvxzvx6zxd3vcx54nnbbnpitgepbies5yqjxa._file
Verdict:
malicious
Similar samples:
2480a9b260108a5cd8630419c5d76fc359d926970cb4a71926924ce56ccad98b
Phorpiex
38637b0bf898df12f7549c595eb255b38995e8da8058bff700428d90e98052c1
Phorpiex
50fcdf33b27a9bc36765e7b5a2650678f0f0ef15d6410054f89fb63605f849e5
Phorpiex
5c8d519b601447d102fc9b2f83b894bf15939506a3ad8aa53fa535de36121ce7
Phorpiex
683d61de6b560083d405083c10e57b11e652cca838306450601280e24adfb1be
Phorpiex
78a973ace68c9666e5ec28c53be0d2d36bde2d419c10fa6ed939156d199a18ef
Phorpiex
83dedf11eef47762c075437c42ef5c89ac69510a7712b54811de55c6d5e7e72c
Phorpiex
94e2fe84aeea801b0ddcf49c74375bb23ec242d30edc39fccd296ed2e7b64f72
Phorpiex
ba7a55b17174de39cb44b553a52de3d0b3c979d37104a5ad1580cb97a8acc800
Phorpiex
daae9853987194a9b7c36d8ddfe8f7cb6046ff8e73a575c4500d77a368f33808
Phorpiex
+ 22 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/230215-s77k6acd3y/
Behaviour
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
9dfff09e8395e8d195eaadf35bfb371eea2bf78d6842d7a26623c2824bb8826e
MD5 hash:
19f9138f63339e4baa31f5088524f4d1
SHA1 hash:
6a4e4053cc21fc6691729f48993810b1e0158d22
Link:
https://www.unpac.me/results/5a598d55-0820-43d5-ba17-5b4b56656d14/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.30
Link:
https://yomi.yoroi.company/submissions/9dfff09e8395e8d195eaadf35bfb371eea2bf78d6842d7a26623c2824bb8826e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:meth_stackstrings
Create hunting rule
Author:Willi Ballenthin

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Phorpiex

Executable exe 9dfff09e8395e8d195eaadf35bfb371eea2bf78d6842d7a26623c2824bb8826e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2540968/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/366759/

Comments