phemedrone | 95ddb8a73ba1d02c13735fe21f335599e0659b3da7b42e23654650b89d4ddf60 | Triage

Sharing

General

Target

0x001a000000015c3e-10.dat
Size

83KB
Sample

231009-waj1dahc78
MD5

e025c7bfa143c476a648e9daa3cfda2f
SHA1

d4f90ae2727cd20c19802eeee5589fc4e7b36ec3
SHA256

95ddb8a73ba1d02c13735fe21f335599e0659b3da7b42e23654650b89d4ddf60
SHA512

f9812370e7855acaa15f70a5ee71fa2b78040be72553cc4109276429731ab3a10924fd8e08b8ff91e9c3b0dc57c4bc32168c29416e4a401208fd2574dbd9b8f3
SSDEEP

1536:YNHNY8knGTS8Yd/exySO5T3rZlSwEKSKO9Tzpmp:YNHNYfnrZdmxa5TbZYwEKSKO9TVk

Score

10^/10

phemedrone spyware stealer

Malware Config

Targets

- Target
  
  0x001a000000015c3e-10.dat
- Size
  
  83KB
- MD5
  
  e025c7bfa143c476a648e9daa3cfda2f
- SHA1
  
  d4f90ae2727cd20c19802eeee5589fc4e7b36ec3
- SHA256
  
  95ddb8a73ba1d02c13735fe21f335599e0659b3da7b42e23654650b89d4ddf60
- SHA512
  
  f9812370e7855acaa15f70a5ee71fa2b78040be72553cc4109276429731ab3a10924fd8e08b8ff91e9c3b0dc57c4bc32168c29416e4a401208fd2574dbd9b8f3
- SSDEEP
  
  1536:YNHNY8knGTS8Yd/exySO5T3rZlSwEKSKO9Tzpmp:YNHNYfnrZdmxa5TbZYwEKSKO9TVk
Score

10^/10

phemedrone stealer spyware
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phemedronestealer

behavioral2

phemedronespywarestealer