Overview

overview

10

Static

static

10

Iputeny.exe

windows7-x64

10

Iputeny.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231023-de
  • resource tags

    arch:x64arch:x86image:win7-20231023-delocale:de-deos:windows7-x64systemwindows
  • submitted
    08-11-2023 18:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Iputeny.exe

  • Size

    84KB

  • MD5

    2eae4fc3c124605b2338b611578edf2f

  • SHA1

    664bb5841207c075ecc6c82943b6e54d0295bcf2

  • SHA256

    64503745802796c734b5c3b6e62a5ba2b40fde46fe5a3ea1e8f7b37b49b2df92

  • SHA512

    af615e1346bad0f6fe907dcd7f7f9f184c302440f94b3cde103979a171d84ec753852d6054f9d7e294563dd6bfd7c5b4e5388203183703e5760fa68927f03bfd

  • SSDEEP

    1536:e49Lu+af58EPGTtZln8WKSO5T3rZ/SwEKSK99jzpme:e49uf5/PsjntS5TbZKwEKSK99jVL

Score
10/10
phemedronespywarestealer

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot6869946861:AAFp2CTwZLT6Luum35cQR_IF-4kGxK5jIYM/sendMessage?chat_id=6919564136

Signatures

  • Phemedrone

    An information and wallet stealer written in C#.

    stealerphemedrone
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Iputeny.exe
    "C:\Users\Admin\AppData\Local\Temp\Iputeny.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2236 -s 1720
      2⤵
        PID:2480
    • C:\Windows\system32\wbem\WmiApSrv.exe
      C:\Windows\system32\wbem\WmiApSrv.exe
      1⤵
        PID:2684

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2236-0-0x0000000000F60000-0x0000000000F7C000-memory.dmp

        Filesize

        112KB

        Download

      • memory/2236-1-0x000007FEF5AA0000-0x000007FEF648C000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2236-2-0x0000000000E60000-0x0000000000EE0000-memory.dmp

        Filesize

        512KB

        Download

      • memory/2236-3-0x000007FEF5AA0000-0x000007FEF648C000-memory.dmp

        Filesize

        9.9MB

        Download