phemedrone | 3fb1c3589b3a7636337ae5284974f79f99e4c015977a4fa1eeeeb42d79590181 | Triage

Sharing

General

Target

Jefutyl.zip
Size

38KB
Sample

231009-1p2wysaf75
MD5

46ad12d7699b3f9a0ce5f70b08324677
SHA1

4b3950b2a378661310472427acaf26272373ed21
SHA256

3fb1c3589b3a7636337ae5284974f79f99e4c015977a4fa1eeeeb42d79590181
SHA512

d455cd28d8365380494f2ed8f59cf99fcd17dba3b94efe558d307b95abf7e232e5b17ad47f1fb068d4e3bec7214fa88e71fbb8203d1728cfe0371c5013d8d5ef
SSDEEP

768:Q6cNV9G4WCsEimmJFLzW/6/RDFC+cPn22xHoMvBhw1gFakQdloivG/ERKjT:ZC1WlFw6/pPUxTw1cakQd6ivbRKjT

Score

10^/10

phemedrone stealer

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot6421901210:AAErC913wmPS9T_-XJrvOWFdTxw2TkS248A/sendMessage?chat_id=5896425070

Targets

- Target
  
  Jefutyl.zip
- Size
  
  38KB
- MD5
  
  46ad12d7699b3f9a0ce5f70b08324677
- SHA1
  
  4b3950b2a378661310472427acaf26272373ed21
- SHA256
  
  3fb1c3589b3a7636337ae5284974f79f99e4c015977a4fa1eeeeb42d79590181
- SHA512
  
  d455cd28d8365380494f2ed8f59cf99fcd17dba3b94efe558d307b95abf7e232e5b17ad47f1fb068d4e3bec7214fa88e71fbb8203d1728cfe0371c5013d8d5ef
- SSDEEP
  
  768:Q6cNV9G4WCsEimmJFLzW/6/RDFC+cPn22xHoMvBhw1gFakQdloivG/ERKjT:ZC1WlFw6/pPUxTw1cakQd6ivbRKjT
Score

10^/10

phemedrone stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phemedronestealer