MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1a6b3ae4be356a4953260388a0724f991abdb7eb28da6ab0ec4a7f57200a586. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Phorpiex

Vendor detections: 12

Intelligence 12 IOCs YARA 1 File information Comments

SHA256 hash:	c1a6b3ae4be356a4953260388a0724f991abdb7eb28da6ab0ec4a7f57200a586
SHA3-384 hash:	d031c7b8fd8cc109c1a1f0e45815a342ce323af947090724525c7c6492e6c03ab664a645404b46be3186daf4e2db3e7b
SHA1 hash:	c13e9b9045485e43770435b6cb7f0df91becaec7
MD5 hash:	5429aac8e9440a958c37ea66ea83a461
humanhash:	cardinal-pip-pasta-sixteen
File name:	5429aac8e9440a958c37ea66ea83a461.exe
Download:	download sample
Signature	Phorpiex Create hunting rule
File size:	16'896 bytes
First seen:	2023-03-12 17:40:19 UTC
Last seen:	2023-03-12 19:42:16 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	e4c87b7c96eb71ee3a5e91bc3f06c1e9 (2 x Phorpiex)
ssdeep	192:wEwSSz9XfaKuwfZfSheakh6BeT/tX1Y+8J4pfVBcF7Y2DP1oynrSIHPn9:wZpiPB3kQAtlYxJ4JVB00O1VS0
Threatray	15 similar samples on MalwareBazaar
TLSH	T17072E6039665539BEA32247467732E257078BD35532E9DDFAB800A7C1264EE0FB33396
TrID	40.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 16.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 12.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 11.0% (.EXE) Win32 Executable (generic) (4505/5/1) 5.0% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter	abuse_ch
Tags:	exe Phorpiex

Intelligence

File Origin

# of uploads :

# of downloads :

214

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

5429aac8e9440a958c37ea66ea83a461.exe

Verdict:

Malicious activity

Analysis date:

2023-03-12 17:46:25 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/3aa041fa-da1e-4e10-a90f-5a0e093fa968

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/373745/

Detection(s):

SecuriteInfo.com.Variant.Jaik.116483.31191.28481.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Changing an executable file

Infecting executable files

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/72811/overview

Behaviour

MalwareBazaar

CallSleep

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/640e0eb1d1a098efbc62ff02/reports/66ac0eca-8508-4006-a801-1a4c9f17e1ab/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/c1a6b3ae4be356a4953260388a0724f991abdb7eb28da6ab0ec4a7f57200a586

Malware family:

Phorpiex

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/9a3c85c2-f630-4812-a61c-5d4a3fca40cd

Result

Threat name:

Phorpiex

Detection:

malicious

Classification:

troj.evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/1192050

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Found evasive API chain (may stop execution after checking mutex)

Found potential dummy code loops (likely to delay analysis)

Machine Learning detection for dropped file

Machine Learning detection for sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected Phorpiex

Behaviour

Behavior Graph:

Download SVG

Detection:

phorpiex

Link:

https://mwdb.cert.pl/sample/c1a6b3ae4be356a4953260388a0724f991abdb7eb28da6ab0ec4a7f57200a586/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2023-03-11 07:58:18 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

19 of 39 (48.72%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ygtlhlsl4nlkjfjsma4iubze7gi2xw36wkg2nkyoyst7k4qauwda._file

Verdict:

malicious

Phorpiex

50fcdf33b27a9bc36765e7b5a2650678f0f0ef15d6410054f89fb63605f849e5

Phorpiex

5c8d519b601447d102fc9b2f83b894bf15939506a3ad8aa53fa535de36121ce7

Phorpiex

683d61de6b560083d405083c10e57b11e652cca838306450601280e24adfb1be

Phorpiex

78a973ace68c9666e5ec28c53be0d2d36bde2d419c10fa6ed939156d199a18ef

Phorpiex

94e2fe84aeea801b0ddcf49c74375bb23ec242d30edc39fccd296ed2e7b64f72

Phorpiex

9dfff09e8395e8d195eaadf35bfb371eea2bf78d6842d7a26623c2824bb8826e

Phorpiex

a664a127c2ec79265a10441a789e02d44bfce8688ab6d459dc005c748720950f

Phorpiex

fcee0963cad730563a9db640db4adae6c526ea66af6c5add025debcf17b7f8ab

Phorpiex

+ 5 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

spyware stealer

Link:

https://tria.ge/reports/230312-v9ez2agg5x/

Behaviour

Reads user/profile data of web browsers

Unpacked files

SH256 hash:

c1a6b3ae4be356a4953260388a0724f991abdb7eb28da6ab0ec4a7f57200a586

MD5 hash:

5429aac8e9440a958c37ea66ea83a461

SHA1 hash:

c13e9b9045485e43770435b6cb7f0df91becaec7

Link:

https://www.unpac.me/results/70ffc462-0595-43ef-b679-5c5d27c29400/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.20

Link:

https://yomi.yoroi.company/submissions/c1a6b3ae4be356a4953260388a0724f991abdb7eb28da6ab0ec4a7f57200a586

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.