MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fcee0963cad730563a9db640db4adae6c526ea66af6c5add025debcf17b7f8ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Phorpiex

Vendor detections: 12

Intelligence 12 IOCs YARA 1 File information Comments

SHA256 hash:	fcee0963cad730563a9db640db4adae6c526ea66af6c5add025debcf17b7f8ab
SHA3-384 hash:	6c81bf59170813e6a4646d7dcf68c37ff7d9718008429b9f53d752540857999e787e574a4c91760f8e751550c80fbfe6
SHA1 hash:	531dd2bb37a895f321aaeb9e17d53f451d7a2413
MD5 hash:	6437f4f49814f0f1e331e6523e8b074b
humanhash:	alaska-yankee-comet-mexico
File name:	6437f4f49814f0f1e331e6523e8b074b.exe
Download:	download sample
Signature	Phorpiex Create hunting rule
File size:	16'896 bytes
First seen:	2023-03-06 12:54:14 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	e7d27077f1511bf9797c383cdf944810 (3 x Phorpiex)
ssdeep	192:NwSSz9XfaKuwfWf8a/NN6BeT/tX1Y+8J4pfVBcF7Y2lP1oynrS1HPnr:QpiPG4cAtlYxJ4JVB00s1VSpr
Threatray	14 similar samples on MalwareBazaar
TLSH	T19772E6039565539BEA72247467772E25A038BD35132E99DFBBC0097C2264ED0FB33396
TrID	40.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 16.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 12.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 11.0% (.EXE) Win32 Executable (generic) (4505/5/1) 5.0% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter	abuse_ch
Tags:	exe Phorpiex

Intelligence

File Origin

# of uploads :

# of downloads :

217

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

6437f4f49814f0f1e331e6523e8b074b.exe

Verdict:

Malicious activity

Analysis date:

2023-03-06 12:57:29 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/9c1a6f26-9803-458c-9c8d-831f12a1487f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/371978/

Detection(s):

SecuriteInfo.com.Variant.Zusy.448400.18541.23102.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Changing an executable file

Infecting executable files

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

virus zusy

Link:

https://www.filescan.io/uploads/6405e2a75961badabfa9bb18/reports/be278a50-5b9a-40f9-8b5c-c3ec923d4308/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/fcee0963cad730563a9db640db4adae6c526ea66af6c5add025debcf17b7f8ab

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Phorpiex

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/4c7b2e1f-1eb1-4669-91f0-b01940ece5b8

Result

Threat name:

Phorpiex

Detection:

malicious

Classification:

troj.evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/1187804

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Found evasive API chain (may stop execution after checking mutex)

Found potential dummy code loops (likely to delay analysis)

Machine Learning detection for dropped file

Machine Learning detection for sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected Phorpiex

Behaviour

Behavior Graph:

Download SVG

Detection:

phorpiex

Link:

https://mwdb.cert.pl/sample/fcee0963cad730563a9db640db4adae6c526ea66af6c5add025debcf17b7f8ab/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2023-03-04 23:25:56 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

25 of 39 (64.10%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=7txasy6k24yfmou5wzanwsw243csn2tgv5wfvxiclxv46f5x7cvq._file

Verdict:

malicious

Phorpiex

38637b0bf898df12f7549c595eb255b38995e8da8058bff700428d90e98052c1

Phorpiex

78a973ace68c9666e5ec28c53be0d2d36bde2d419c10fa6ed939156d199a18ef

Phorpiex

83dedf11eef47762c075437c42ef5c89ac69510a7712b54811de55c6d5e7e72c

Phorpiex

94e2fe84aeea801b0ddcf49c74375bb23ec242d30edc39fccd296ed2e7b64f72

Phorpiex

9dfff09e8395e8d195eaadf35bfb371eea2bf78d6842d7a26623c2824bb8826e

Phorpiex

a664a127c2ec79265a10441a789e02d44bfce8688ab6d459dc005c748720950f

Phorpiex

ba7a55b17174de39cb44b553a52de3d0b3c979d37104a5ad1580cb97a8acc800

Phorpiex

daae9853987194a9b7c36d8ddfe8f7cb6046ff8e73a575c4500d77a368f33808

Phorpiex

+ 4 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

spyware stealer

Link:

https://tria.ge/reports/230306-p5r6xabg5v/

Behaviour

Reads user/profile data of web browsers

Unpacked files

SH256 hash:

fcee0963cad730563a9db640db4adae6c526ea66af6c5add025debcf17b7f8ab

MD5 hash:

6437f4f49814f0f1e331e6523e8b074b

SHA1 hash:

531dd2bb37a895f321aaeb9e17d53f451d7a2413

Link:

https://www.unpac.me/results/d449d596-2b01-4a43-951d-4fe09b8c5f0b/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.30

Link:

https://yomi.yoroi.company/submissions/fcee0963cad730563a9db640db4adae6c526ea66af6c5add025debcf17b7f8ab

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.