Overview

overview

10

Static

static

10

AllParse_L...gs.exe

windows10-2004-x64

10

AllParse_L...ry.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-12-2023 05:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AllParse_Log/codec-library.exe

  • Size

    84KB

  • MD5

    889a77ec865cef4310258ba20e980302

  • SHA1

    554cec7ecef4d6f12ab787fa4673fc9aab24051d

  • SHA256

    eebdeac6e6bca0a720c047291a85dbb4e0c17f18af0e20b8a0c645360ae66626

  • SHA512

    1bf5b559c6091eac1b1f616f28ed2159fb32af57de6a965d659d1df235442a0bf578cb1ab3e6af95acb966f0197a5305608d3c1ba6c049a2f20f3805a8989c40

  • SSDEEP

    1536:4cZc9o6ieQnPou2PGTeR7CfoWKSO5T3rZfvSwEKSKt9jzpmO:4ci9MnPo3PHtmpS5TbZfawEKSKt9jVb

Score
10/10
phemedronespywarestealer

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot6546988438:AAF4CYLITzgov4BI5_0csUsC5C49FDi5D6Y/sendMessage?chat_id=554005447

Signatures

  • Phemedrone

    An information and wallet stealer written in C#.

    stealerphemedrone
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AllParse_Log\codec-library.exe
    "C:\Users\Admin\AppData\Local\Temp\AllParse_Log\codec-library.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:864
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:928

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/864-0-0x0000000000BB0000-0x0000000000BCC000-memory.dmp

      Filesize

      112KB

      Download

    • memory/864-1-0x00007FFC3ED60000-0x00007FFC3F821000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/864-2-0x000000001BDC0000-0x000000001BDD0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/864-4-0x00007FFC3ED60000-0x00007FFC3F821000-memory.dmp

      Filesize

      10.8MB

      Download