phemedrone | fbb17fcbb78a3c7d6ab25984cce87958fcd70a8f09a5c013120f4a4bb620744c | Triage

Sharing

General

Target

sys.zip
Size

457KB
Sample

231011-2rcwaabh23
MD5

ac732232b665f61d349319e37460abb8
SHA1

3291c9ca3aba04379391e8c5cb7c57264d1a8c08
SHA256

fbb17fcbb78a3c7d6ab25984cce87958fcd70a8f09a5c013120f4a4bb620744c
SHA512

7e444f990dcff902f959f870c504c43fba3e015711ab309aa8e8a5befd76d5a6e5c296a7af3a7d9890f1f0cebc053f9c40533d461ed0498b7e31fe30a4be14d4
SSDEEP

12288:IAGJgaKHBtITuOerur+BsIsC4fl1+o0Uf4J8vqXklbHyWnLj:e7ytISOZrmFr49vKklbSWLj

Score

10^/10

phemedrone spyware stealer

Malware Config

Targets

- Target
  
  Phemedrone.Tools.exe
- Size
  
  46KB
- MD5
  
  a6bf693fe68cd3d8c1e6f15463734193
- SHA1
  
  84ab3ff2163239fa6701206da4ae8e903060be21
- SHA256
  
  39ecce4c3f736299577c508670fe23c528b2e9aa076bbfbd3f0fc49ef0e6fb55
- SHA512
  
  2cb88ca582248ead8f6c839ea377b459453fe559bd2b8ab8cc38043025b8554692f4a6743a92bd67e0301d203c89faac0b28f6d5370a594f7bd4a552cf9f52ea
- SSDEEP
  
  768:aqUy9SrcY7P2/P0nmNQBvyOUFVvyjj7Mr6r48lG8G5eYcM+2:LUyacKPZlBvyOEVcjmh75pca
Score

1^/10
behavioral1 behavioral2
- Target
  
  dnlib.dll
- Size
  
  1.1MB
- MD5
  
  5cc2bb48b5e8c8ac0b99669401d15456
- SHA1
  
  02e9ae08f3ec364834eb3ffc122f1c90e1b0e95e
- SHA256
  
  648950f725fb0320e09c52dcaf81764916df96dc62e7429ba67daea0acb784ea
- SHA512
  
  2867e94cee9f89f1cf85ad01083d75f4bc0bc0e551b2ffae05581828994f2b01a458ac7a7c94a45e8c40858ecce197f7ec23482ee13ef3f1bf82b33b89b3b420
- SSDEEP
  
  24576:/bN7xZgKVl/N12pljD7DM2l8xs5A/zYv7flNcK:DyJXn3ML7G
Score

1^/10
behavioral3 behavioral4
- Target
  
  stub/stub
- Size
  
  83KB
- MD5
  
  e9f08b24f1edc1b14d47b7abaef8a03b
- SHA1
  
  e11c3be9bc129931ea7f77ec086035f1a0dd5e9a
- SHA256
  
  fdf3d67df1d0dd6bf150308cf1cc39c7f11cd808e45ecb31df9cc1c288670f15
- SHA512
  
  763ab12868173584d7bb0e42cd1b6a8f7048f13c5d27ac2ac1df3e058407e5859127c18f7075895c736565da3ca0bd2065f99148091041bc58c519b2bc0965be
- SSDEEP
  
  1536:WdE4PhxQwIJeUzTduCWUQVuQYkEFY5NSkfDhz/BXmpeTxonCr5T3PZTSwEKYKIO8:KkeUHd1Wx1NSkfDhz/BbOc5TfZuwEKYd
Score

10^/10

phemedrone spyware stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

phemedronespywarestealer

behavioral6