User tags

Assigned on submission by the user, not by sandbox detections.

Threatview.io Proactive Hunter

General

  • Target

    Abotihy.exe.2

  • Size

    104KB

  • Sample

    240130-lbhhtsechl

  • MD5

    a62ed6e2054cf8d2e62c02c83b3f07c7

  • SHA1

    af778b353cf5d24172339d084722811c7a088668

  • SHA256

    8731e05790767c76250fff12cf1ecbf497889776be13aef569cc71f0aad97039

  • SHA512

    9cce378e77dfb58a0740cb07a0f951971a5a52143c1c600181286b7c9d3e0a4aa0f03b1b754d9bdb08847c22d478240ba11236fe089197081867483f45175272

  • SSDEEP

    3072:1jDx+/YuqZK9WDIciaK5C0dAoz1+wEKSK0M:5ZueBoz1/EK4

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot5358754228:AAE42HAGW1bzIPxU7iVRC_96iDuHcwSjjVo/sendMessage?chat_id=5556872222

Targets

    • Target

      Abotihy.exe.2

    • Size

      104KB

    • MD5

      a62ed6e2054cf8d2e62c02c83b3f07c7

    • SHA1

      af778b353cf5d24172339d084722811c7a088668

    • SHA256

      8731e05790767c76250fff12cf1ecbf497889776be13aef569cc71f0aad97039

    • SHA512

      9cce378e77dfb58a0740cb07a0f951971a5a52143c1c600181286b7c9d3e0a4aa0f03b1b754d9bdb08847c22d478240ba11236fe089197081867483f45175272

    • SSDEEP

      3072:1jDx+/YuqZK9WDIciaK5C0dAoz1+wEKSK0M:5ZueBoz1/EK4

    • Phemedrone

      An information and wallet stealer written in C#.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks