MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a664a127c2ec79265a10441a789e02d44bfce8688ab6d459dc005c748720950f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Phorpiex

Vendor detections: 13

Intelligence 13 IOCs YARA 1 File information Comments

SHA256 hash:	a664a127c2ec79265a10441a789e02d44bfce8688ab6d459dc005c748720950f
SHA3-384 hash:	7ec5fe01bae8fdee5d2fb2052b378c9128ecc52f8d1e7a58b4b6625106cf12694457cb9c503c05383bb3f291ba656b1a
SHA1 hash:	9e0d909e4ced9bc12cf781aedf50b017c91ce964
MD5 hash:	74ea1cdca366e62c29347b829307a506
humanhash:	double-ceiling-massachusetts-sixteen
File name:	74ea1cdca366e62c29347b829307a506.exe
Download:	download sample
Signature	Phorpiex Create hunting rule
File size:	16'896 bytes
First seen:	2023-02-27 16:29:34 UTC
Last seen:	2023-02-27 18:30:10 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	e7d27077f1511bf9797c383cdf944810 (3 x Phorpiex)
ssdeep	192:0wSSz9XfaKuwfWf8a/NN6BeT/tX1Y+8J4pfVBcF7Y2lP1oynrS1HPnr:JpiPG4cAtlYxJ4JVB00s1VSpr
Threatray	13 similar samples on MalwareBazaar
TLSH	T12472E6039565539BEA722474A7772E25A038BD35132E99DFBBC0097C2264ED0FB33396
TrID	40.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 16.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 12.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 11.0% (.EXE) Win32 Executable (generic) (4505/5/1) 5.0% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter	abuse_ch
Tags:	exe Phorpiex

Intelligence

File Origin

# of uploads :

# of downloads :

207

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

74ea1cdca366e62c29347b829307a506.exe

Verdict:

Malicious activity

Analysis date:

2023-02-27 16:39:24 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/4afeb2e2-77c3-4d64-8523-15c8dc65cf5f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/370359/

Detection(s):

SecuriteInfo.com.Variant.Zusy.448400.10634.12538.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Changing an executable file

Infecting executable files

Verdict:

Suspicious

Threat level:

5/10

Confidence:

67%

Link:

https://www.filescan.io/uploads/63fcda91589e1e4c5bd99c95/reports/49bfaae8-2203-4c48-bc22-cd28cedc8c66/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/a664a127c2ec79265a10441a789e02d44bfce8688ab6d459dc005c748720950f

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Phorpiex

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/650b9d6d-aeab-4565-8cc0-57b6241ab6c4

Result

Threat name:

Phorpiex

Detection:

malicious

Classification:

troj.evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/1183347

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Found evasive API chain (may stop execution after checking mutex)

Found potential dummy code loops (likely to delay analysis)

Machine Learning detection for dropped file

Machine Learning detection for sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected Phorpiex

Behaviour

Behavior Graph:

Download SVG

Detection:

phorpiex

Link:

https://mwdb.cert.pl/sample/a664a127c2ec79265a10441a789e02d44bfce8688ab6d459dc005c748720950f/

Threat name:

Win32.Trojan.Zusy

Status:

Malicious

First seen:

2023-02-27 03:46:33 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

19 of 25 (76.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=uzskcj6c5r4smwqqiqnhrhqc2rf7z2dirk3niwo4abohjbzasuhq._file

Verdict:

malicious

Phorpiex

50fcdf33b27a9bc36765e7b5a2650678f0f0ef15d6410054f89fb63605f849e5

Phorpiex

5c8d519b601447d102fc9b2f83b894bf15939506a3ad8aa53fa535de36121ce7

Phorpiex

78a973ace68c9666e5ec28c53be0d2d36bde2d419c10fa6ed939156d199a18ef

Phorpiex

83dedf11eef47762c075437c42ef5c89ac69510a7712b54811de55c6d5e7e72c

Phorpiex

94e2fe84aeea801b0ddcf49c74375bb23ec242d30edc39fccd296ed2e7b64f72

Phorpiex

9dfff09e8395e8d195eaadf35bfb371eea2bf78d6842d7a26623c2824bb8826e

Phorpiex

ba7a55b17174de39cb44b553a52de3d0b3c979d37104a5ad1580cb97a8acc800

Phorpiex

daae9853987194a9b7c36d8ddfe8f7cb6046ff8e73a575c4500d77a368f33808

Phorpiex

+ 3 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

spyware stealer

Link:

https://tria.ge/reports/230227-tzvgasee95/

Behaviour

Reads user/profile data of web browsers

Unpacked files

SH256 hash:

a664a127c2ec79265a10441a789e02d44bfce8688ab6d459dc005c748720950f

MD5 hash:

74ea1cdca366e62c29347b829307a506

SHA1 hash:

9e0d909e4ced9bc12cf781aedf50b017c91ce964

Link:

https://www.unpac.me/results/163dcffd-1c35-473d-8f44-b5d074587083/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a664a127c2ec79265a10441a789e02d44bfce8688ab6d459dc005c748720950f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.