phoenixstealer | 5536d8e31ee96b4cdfbd1a1b485cb13960f01ddf218ee8d17f42f5f02b41d68e | Triage

Submit
Reports

Overview

overview

Static

static

BstNiggaStub.exe

windows7_x64

BstNiggaStub.exe

windows10-2004_x64

8

Resubmissions

07-07-2022 07:45

220707-jlmt7afdal 10

07-04-2022 05:16

220407-fx5btsbhf2 8

Sharing

General

Target

BstNiggaStub.exe
Size

1017KB
Sample

220707-jlmt7afdal
MD5

6a63a4741f5d8561a08069dab3c9afbc
SHA1

4cceb4ccf7a1d488bc7a4b67ced920c7fcbec8a2
SHA256

5536d8e31ee96b4cdfbd1a1b485cb13960f01ddf218ee8d17f42f5f02b41d68e
SHA512

1afc1ec86a900827257b7fff7f2a598a0b35ef3f489a7ea11fe0d6a130335550ac6032a18e2c425429e06aae52ed89c84697ac9d12b3080cc2ee9b95b9ca9dab

Score

10^/10

phoenixstealer stealer

Static task

static1

Behavioral task

behavioral1

Sample

BstNiggaStub.exe

Resource

win7-20220414-en

phoenixstealer stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

BstNiggaStub.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  BstNiggaStub.exe
- Size
  
  1017KB
- MD5
  
  6a63a4741f5d8561a08069dab3c9afbc
- SHA1
  
  4cceb4ccf7a1d488bc7a4b67ced920c7fcbec8a2
- SHA256
  
  5536d8e31ee96b4cdfbd1a1b485cb13960f01ddf218ee8d17f42f5f02b41d68e
- SHA512
  
  1afc1ec86a900827257b7fff7f2a598a0b35ef3f489a7ea11fe0d6a130335550ac6032a18e2c425429e06aae52ed89c84697ac9d12b3080cc2ee9b95b9ca9dab
Score

10^/10

phoenixstealer stealer
- PhoenixStealer
  PhoenixStealer is an information stealer written in the C++, it sends the stolen information to cybercriminals.
  stealer phoenixstealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

phoenixstealerstealer

behavioral2

© 2018-2024

Terms | Privacy