Phobia
Tags
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | e0be606f-7c2d-42fb-b3bc-e3102a3f811e |
| Fingerprint | 241618f9a4f5938b |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 25, 2022, midnight |
| Added to db | June 5, 2023, 2:25 p.m. |
| Last updated | Nov. 17, 2024, 10:40 p.m. |
| Headline | Phobia |
| Title | Phobia |
| Detected Hints/Tags/Attributes | 58/1/34 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://labs.yarix.com/2022/11/phobia/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 152 | ✔ | YLabs | https://labs.yarix.com/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 2 | ph_decrypt.exe |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 291 | user32.dll |
|
| Details | File | 229 | advapi32.dll |
|
| Details | File | 47 | oleaut32.dll |
|
| Details | File | 89 | version.dll |
|
| Details | File | 76 | gdi32.dll |
|
| Details | File | 86 | ole32.dll |
|
| Details | File | 30 | comctl32.dll |
|
| Details | File | 185 | shell32.dll |
|
| Details | File | 146 | wininet.dll |
|
| Details | File | 31 | wsock32.dll |
|
| Details | File | 59 | netapi32.dll |
|
| Details | File | 3 | wsock.dll |
|
| Details | File | 1 | netapi.dll |
|
| Details | File | 2126 | cmd.exe |
|
| Details | File | 2 | rdcman.exe |
|
| Details | File | 249 | schtasks.exe |
|
| Details | File | 1 | c:\users\gigi\appdata\local\temp\r4j.xml |
|
| Details | File | 1 | cache_ph_decrypt.exe |
|
| Details | File | 2 | chromehelper.exe |
|
| Details | File | 15 | update.dll |
|
| Details | File | 1 | r4j.xml |
|
| Details | File | 1 | autologon.exe |
|
| Details | File | 2 | cx.exe |
|
| Details | md5 | 2 | 89ca56158e78e180ef2a878a8aa42b1b |
|
| Details | md5 | 2 | ca0b28f42c6c21a79fedaad02ca615b7 |
|
| Details | md5 | 2 | 0566d73da02ac32ae31dd63ec363fd25 |
|
| Details | sha1 | 2 | 31998851095818c24d01117301ca93c4d7ccaca8 |
|
| Details | sha1 | 2 | 0468a398f0ccadbb2db5f70434f6751b3f470c6a |
|
| Details | sha1 | 2 | b8a4e64aa7ddfa2b3cac6aadf16b17caaafbf4ab |
|
| Details | sha256 | 2 | 5bcc043f2a2b19d8b18837553f17fa6e56c418c6720ccffa083f7469d8b2aa54 |
|
| Details | sha256 | 2 | fff252ef04d8a313b230bb585de920df9ccd8b5d2f61995eecd45e13e58a7fdd |
|
| Details | sha256 | 2 | 0ed85d779d7ed73e72bbcdfb91cc8334dade8dc3836eb705db53737cfa267177 |