phemedrone | 7e99f943bfc7d4642995880c20f9373c02fb7dda7590a24bf20f674c6f2cff6d | Triage

Sharing

General

Target

2192-3-0x00000000002E0000-0x00000000002FC000-memory.dmp
Size

112KB
Sample

231004-rwynfacd8v
MD5

31cc760510220d939a262d85fee3915c
SHA1

59c87341e8de68a3dcdba605f9db305e855a7b27
SHA256

7e99f943bfc7d4642995880c20f9373c02fb7dda7590a24bf20f674c6f2cff6d
SHA512

0fc9ea343f0c01cc5bab289da6640c56eca6472cb10d608abd6fd8aa25ad73da961d64a02f126114bb7b5cc54a81af046608dcdde5ca19c97804eb7740291aca
SSDEEP

3072:8qygkt4qiQnpVdmxa5TbZtwEKSKe9TV8:JygklndmxccEKy9TV

Score

10^/10

phemedrone spyware stealer

Malware Config

Targets

- Target
  
  2192-3-0x00000000002E0000-0x00000000002FC000-memory.dmp
- Size
  
  112KB
- MD5
  
  31cc760510220d939a262d85fee3915c
- SHA1
  
  59c87341e8de68a3dcdba605f9db305e855a7b27
- SHA256
  
  7e99f943bfc7d4642995880c20f9373c02fb7dda7590a24bf20f674c6f2cff6d
- SHA512
  
  0fc9ea343f0c01cc5bab289da6640c56eca6472cb10d608abd6fd8aa25ad73da961d64a02f126114bb7b5cc54a81af046608dcdde5ca19c97804eb7740291aca
- SSDEEP
  
  3072:8qygkt4qiQnpVdmxa5TbZtwEKSKe9TV8:JygklndmxccEKy9TV
Score

10^/10

phemedrone spyware stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phemedronespywarestealer

behavioral2

phemedronespywarestealer