MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd21f4bd5e04e181b90e19fd71d2f30a40aad6cc9edba34b5a5ca2d56b55d611. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Phorpiex
Vendor detections: 9



SHA256 hash: bd21f4bd5e04e181b90e19fd71d2f30a40aad6cc9edba34b5a5ca2d56b55d611
SHA3-384 hash: 0ab48681506bce564bcd6cca2e38c3b54b7438067dd3f157a3caa345adc6fc4033f5b425b72cb79f5d4df0b851e02dc9
SHA1 hash: 46737a78ea837100c71dfd501f310a7a43790437
MD5 hash: ff594c2ad052c914e665c12311debf1f
humanhash: violet-arkansas-high-mexico
File name: ff594c2ad052c914e665c12311debf1f.exe
Signature: Phorpiex
File size: 24'016 bytes
First seen: 2021-06-16 10:18:22 UTC
Last seen: 2021-06-16 10:56:39 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 009e69e1b00a5255918718e8d3384340 (1 x Phorpiex)
ssdeep: 96:Qo4070lffqRTTF2PMtZB+tboynA1Ctwr:vGUNyZ1oyn3w
Threatray: 7 similar samples on MalwareBazaar
TLSH: BFB2C900867449B1F6BE05B0416F42FCA57A5B72D7939FFA21763087BEA4A0295D233B
Reporter: abuse_ch
Tags: exe Phorpiex

Intelligence

File Origin
# of uploads: 2
# of downloads: 145
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: ff594c2ad052c914e665c12311debf1f.exe
Verdict: Suspicious activity
Analysis date: 2021-06-16 11:49:47 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: Clean
Maliciousness:
Behaviour
Sending a UDP request
Creating a window

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: rans
Score: 64 / 100
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Uses shutdown.exe to shutdown or reboot the system
Behaviour
Behavior Graph (image; recoverable details only): Behavior Graph ID: 435344; Sample: zEFmZ14sKK.exe; Startdate: 16/06/2021; Architecture: WINDOWS; Score: 64. Signatures on the sample: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Machine Learning detection for sample. Process tree: zEFmZ14sKK.exe started cmd.exe, which started conhost.exe and shutdown.exe; the signature "Uses shutdown.exe to shutdown or reboot the system" is attached to the cmd.exe node.
Threat name: Win32.Trojan.Tiggre
Status: Malicious
First seen: 2021-06-16 04:17:49 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Unpacked files
SHA256 hash: bd21f4bd5e04e181b90e19fd71d2f30a40aad6cc9edba34b5a5ca2d56b55d611
MD5 hash: ff594c2ad052c914e665c12311debf1f
SHA1 hash: 46737a78ea837100c71dfd501f310a7a43790437
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Phorpiex
File type: Executable exe
SHA256 hash: bd21f4bd5e04e181b90e19fd71d2f30a40aad6cc9edba34b5a5ca2d56b55d611 (this sample)

Delivery method
Distributed via web download

Comments