Pulse Detail — Threat Intelligence

PULSE NAME

Threat Research: PHALT#BLYX: Fake BSODs and Trusted Build Tools

WHITE PHALT#BLYX Tr1sa111 2026-01-12 Modified: 2026-02-08

IOCs

MEDIUM VOLUME

↓ CSV ↓ JSON

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1204.002 T1566.002 T1059.001 T1547.001 T1562.001 T1055.012 T1095 T1127.001

MALWARE FAMILIES

DCRat AsyncRAT

Indicators of Compromise (37)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	55ddf603015e60558debfd07390f4c17	—	2026-01-12
FileHash-MD5	eaeba8ee3234447dda19fc9f2bf50a65	—	2026-01-12
FileHash-SHA1	0e477c81be68d8e523783ae46a5502574d481c2d	—	2026-01-12
FileHash-SHA1	0fd6c9a997a90eb0d8e66984b433600b27cd8d7c	—	2026-01-12
FileHash-SHA256	07845fcc83f3b490b9f6b80cb8ebde0be46507395d6cbad8bc57857762f7213a	—	2026-01-12
FileHash-SHA256	11c1cfce546980287e7d3440033191844b5e5e321052d685f4c9ee49937fa688	—	2026-01-12
FileHash-MD5	331e76eaef92dd97dcc65d3ad6e3e23a	—	2026-01-12
FileHash-MD5	962d2a0880c5325328930b66bb4e2cf1	—	2026-01-12
FileHash-MD5	b41d64f81945c268377efa5cd6d6e50a	—	2026-01-12
FileHash-SHA1	62e761ee6ba26325b61b6ea81f1a322546dd35dc	—	2026-01-12
FileHash-SHA1	6938eb0662e0a8ff9dc359a8382735ad5d494da1	—	2026-01-12
FileHash-SHA1	c19a065d2b5b37f1bf59175d1e497dc165a5ab88	—	2026-01-12
FileHash-SHA256	08037de4a729634fa818ddf03ddd27c28c89f42158af5ede71cf0ae2d78fa198	—	2026-01-12
FileHash-SHA256	13b25ae54f3a28f6d01be29bee045e1842b1ebb6fd8d6aca23783791a461d9dd	—	2026-01-12
FileHash-SHA256	18c75d6f034a1ed389f22883a0007805c7e93af9e43852282aa0c6d5dafaa970	—	2026-01-12
FileHash-SHA256	1f520651958ae1ec9ee788eefe49b9b143630c340dbecd5e9abf56080d2649de	—	2026-01-12
FileHash-SHA256	2f3d0c15f1c90c5e004377293eaac02d441eb18b59a944b2f2b6201bb36f0d63	—	2026-01-12
FileHash-SHA256	33f0672159bb8f89a809b1628a6cc7dddae7037a288785cff32d9a7b24e86f4b	—	2026-01-12
FileHash-SHA256	6bd31dfd36ce82e588f37a9ad233c022e0a87b132dc01b93ebbab05b57e5defd	—	2026-01-12
FileHash-SHA256	8d176cc0b442d32482b2489e01a38edc71df80e03db2099193be65fedc9a34a4	—	2026-01-12
FileHash-SHA256	91696f9b909c479be23440a9e4072dd8c11716f2ad3241607b542b202ab831ce	—	2026-01-12
FileHash-SHA256	9c891e9dc6fece95b44bb64123f89ddeab7c5efc95bf071fb4457996050f10a0	—	2026-01-12
FileHash-SHA256	9fac0304cfa56ca5232f61034a796d99b921ba8405166743a5d1b447a7389e4f	—	2026-01-12
FileHash-SHA256	9fc15d50a3df0ac7fb043e098b890d9201c3bb56a592f168a3a89e7581bc7a7d	—	2026-01-12
FileHash-SHA256	bf374d8e2a37ff28b4dc9338b45bbf396b8bf088449d05f00aba3c39c54a3731	—	2026-01-12
FileHash-SHA256	cd3604fb9fe210261de11921ff1bea0a7bf948ad477d063e17863cede1fadc41	—	2026-01-12
FileHash-SHA256	e68a69c93bf149778c4c05a3acb779999bc6d5bcd3d661bfd6656285f928c18e	—	2026-01-12
URL	http://2fa-bns.com/win/ajsb.exe	—	2026-01-12
URL	https://2fa-bns.com/	—	2026-01-12
domain	2fa-bns.com	—	2026-01-12
domain	8eh18dhq9wd.click	—	2026-01-12
domain	asj77.com	—	2026-01-12
domain	asj88.com	—	2026-01-12
domain	asj99.com	—	2026-01-12
domain	low-house.com	—	2026-01-12
domain	oncameraworkout.com	—	2026-01-12
domain	wmk77.com	—	2026-01-12

References (1)

↗ https://www.securonix.com/blog/analyzing-phaltblyx-how-fake-bsods-and-trusted-build-tools-are-used-to-construct-a-malware-infection