phemedrone | 4b1d253b214f9d502bcb88d8df24424c1c11692cba770031cca6c7d3703d19de | Triage

Submit
Reports

Overview

overview

Static

static

3

e5e92ec5d1...85.exe

windows7-x64

e5e92ec5d1...85.exe

windows10-2004-x64

Sharing

General

Target

NEAS.ccec9f6516e38c852b1df13c836e5430bin_JC.zip
Size

3.0MB
Sample

231006-ta3flsgb63
MD5

1115ff813afcf5ec145826d51a249158
SHA1

795bb247347a7b8713b62e17cea60c0c4a35f5be
SHA256

4b1d253b214f9d502bcb88d8df24424c1c11692cba770031cca6c7d3703d19de
SHA512

80755ed09708816101d6f19c0cdd5df9acdde7a84ee05f663063c5cfb6ca5e06af20409a1764a74ce3be16363d99a53608d642dd4805441b8b043c878f6bb03d
SSDEEP

49152:M7s/8jHGDVX2D0BDrsR0fn1aVsyoV79XrialhnkHrZisJuXqut9ORNRdxJld3AH:MFScR8OsyI9eUhkL146utArdPAH

Score

10^/10

phemedrone spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e5e92ec5d1d5be22b05694956de0321475105789279acbc9e83d7796026ec385.exe

Resource

win7-20230831-en

phemedrone stealer upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

e5e92ec5d1d5be22b05694956de0321475105789279acbc9e83d7796026ec385.exe

Resource

win10v2004-20230915-en

phemedrone spyware stealer upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  e5e92ec5d1d5be22b05694956de0321475105789279acbc9e83d7796026ec385.exe
- Size
  
  6.7MB
- MD5
  
  ccec9f6516e38c852b1df13c836e5430
- SHA1
  
  30e3c298370f32e92d42f586e170996229db8fab
- SHA256
  
  e5e92ec5d1d5be22b05694956de0321475105789279acbc9e83d7796026ec385
- SHA512
  
  e23d714a352ebda1c75ade3f782159562d34402ebff31511f5b952b247f9b49c039a4b29123762bbffcbe90f3dd6db828bc36deac344a91d75f41346435bbdd1
- SSDEEP
  
  49152:Fu9q0pxgIYZdVKr2TZO/Ay+tN2ACtcXrGwuh0637dkKg4kGzlXerAEEEEEEEEE20:
Score

10^/10

phemedrone stealer upx spyware
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phemedronestealerupx

behavioral2

phemedronespywarestealerupx

© 2018-2024

Terms | Privacy