Overview

overview

10

Static

static

10

Fekubiv.exe

windows7-x64

10

Fekubiv.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    133s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-10-2023 01:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Fekubiv.exe

  • Size

    83KB

  • MD5

    22c2e9caea842dcd382cffa8fe73fff6

  • SHA1

    009b40f13a1ff4622e9524fb99ebc4582e1980b5

  • SHA256

    6bccfdbe392cf2eef8a337fbb8af90a662773d8cd73cec1ac1e0f51686840215

  • SHA512

    7544b88ccd363231434d0442cc7c6920b66366a641ec52fd1fefae5242540b3545bf2ae0556480de1159b85bc4d2bf907834663ef1746caadd3a83694d69ca94

  • SSDEEP

    1536:rsVbnk209AnGTYNgYd/exySO5T3rZMSwEKSKO9Tzpmd:rIjk202nBNdmxa5TbZVwEKSKO9TVI

Score
10/10
phemedronespywarestealer

Malware Config

Signatures

  • Phemedrone

    An information and wallet stealer written in C#.

    stealerphemedrone
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious behavior: EnumeratesProcesses 30 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Fekubiv.exe
    "C:\Users\Admin\AppData\Local\Temp\Fekubiv.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2104
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:2680

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2104-0-0x00000000003E0000-0x00000000003FC000-memory.dmp

      Filesize

      112KB

      Download

    • memory/2104-1-0x00007FFCB7B70000-0x00007FFCB8631000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2104-2-0x000000001B250000-0x000000001B260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2104-3-0x00007FFCB7B70000-0x00007FFCB8631000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2104-4-0x000000001B250000-0x000000001B260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2104-6-0x00007FFCB7B70000-0x00007FFCB8631000-memory.dmp

      Filesize

      10.8MB

      Download