General

  • Target

    bdb1f5e7f3dbd67ee70cb66f20ac7f7902ce07989a9a22432f99fd8124da5c3e.zip

  • Size

    36KB

  • Sample

    230816-hlwlnaac3t

  • MD5

    c8a8a058d6f0a48af39f8c38c6b258bf

  • SHA1

    1ddc26a366afab5837c8e8d5614bbe57bcc052bc

  • SHA256

    e11a5e2321ad2cc9f0b1acc73b07c4969966a00815a9e61141e4ce6428c13561

  • SHA512

    00731d37fe0aabfaa7738307eb74762302475f1b4c721aa7e61958f323c426013a5e4c6394c9feec847efe7be72a9e07d533609e07915f1fe4d011c1269c46b2

  • SSDEEP

    768:v6U4O+9cpYbEsL/WcvlfaRnFLWnxlGUeo8h8zSxkzbmNiQh1JIJXn:iUj+9cpqEsKcxaBFglGSDGNV1JsX

Malware Config

Extracted

Family

phemedrone

C2

http://f0839732.xsph.ru/gate.php

Targets

    • Target

      bdb1f5e7f3dbd67ee70cb66f20ac7f7902ce07989a9a22432f99fd8124da5c3e

    • Size

      80KB

    • MD5

      8f7eb1227c12063aa1848e615a8a5e73

    • SHA1

      b786233cd325cd1cc59d3bb1dfab6defe1c85309

    • SHA256

      bdb1f5e7f3dbd67ee70cb66f20ac7f7902ce07989a9a22432f99fd8124da5c3e

    • SHA512

      1a73f2b900e3d86484089afc818176ed1dea59996bd2ecff5014022802308077baec13f1ca571b9c8fa4732dfa1480b8f53fdc0986807fa7a0bb42b2436ad18e

    • SSDEEP

      1536:Btg98VSWaaIQZB9+tiGbJeadDTJHjwtNGMl5n5p2gnBQqJSwEKhw:BtgKVzIXiGbJeadDTZjwtNVlJ54gnBQD

    • Phemedrone

      An information and wallet stealer written in C#.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks