Behavioral task: behavioral1
  Sample: Abotihy.exe
  Resource: win7-20231215-en

Behavioral task: behavioral2
  Sample: Abotihy.exe
  Resource: win10v2004-20231222-en
General
  Target: Abotihy.exe.2
  Size: 104KB
  MD5: a62ed6e2054cf8d2e62c02c83b3f07c7
  SHA1: af778b353cf5d24172339d084722811c7a088668
  SHA256: 8731e05790767c76250fff12cf1ecbf497889776be13aef569cc71f0aad97039
  SHA512: 9cce378e77dfb58a0740cb07a0f951971a5a52143c1c600181286b7c9d3e0a4aa0f03b1b754d9bdb08847c22d478240ba11236fe089197081867483f45175272
  SSDEEP: 3072:1jDx+/YuqZK9WDIciaK5C0dAoz1+wEKSK0M:5ZueBoz1/EK4
Malware Config
  Extracted family: phemedrone
  Extracted URL (Telegram Bot API sendMessage endpoint; the bot token in the path and the receiving chat_id in the query string are both usable as indicators on their own): https://api.telegram.org/bot5358754228:AAE42HAGW1bzIPxU7iVRC_96iDuHcwSjjVo/sendMessage?chat_id=5556872222
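The extracted URL above carries everything a detection needs: the bot token (the "bot<id>:<secret>" path segment) and the destination chat_id. The Python below is an added example, not part of the sandbox report or of the malware: it parses Bot API URLs into those fields, scans proxy log lines for Bot API traffic and marks lines that use the reported token, and checks a file's contents against the report's hashes. The log format, the log lines and the unrelated bot token in them are constructed for the example.

```python
import hashlib
import re

# IoCs copied from the report above.
SAMPLE_HASHES = {
    "md5": "a62ed6e2054cf8d2e62c02c83b3f07c7",
    "sha1": "af778b353cf5d24172339d084722811c7a088668",
    "sha256": "8731e05790767c76250fff12cf1ecbf497889776be13aef569cc71f0aad97039",
}
C2_URL = ("https://api.telegram.org/bot5358754228:AAE42HAGW1bzIPxU7iVRC_96iDuHcwSjjVo"
          "/sendMessage?chat_id=5556872222")

# Telegram Bot API request shape:
#   https://api.telegram.org/bot<bot_id>:<secret>/<method>[?...chat_id=<n>...]
TG_BOT_URL = re.compile(
    r"https?://api\.telegram\.org/bot(?P<token>\d+:[A-Za-z0-9_-]+)/(?P<method>\w+)"
    r"(?:\?[^\s'\"]*?chat_id=(?P<chat_id>-?\d+))?"
)


def parse_bot_url(text):
    """Return bot_id/token/method/chat_id for the first Bot API URL in text, or None."""
    m = TG_BOT_URL.search(text)
    if m is None:
        return None
    token = m.group("token")
    return {
        "bot_id": token.split(":", 1)[0],
        "token": token,
        "method": m.group("method"),
        "chat_id": m.group("chat_id"),  # None for methods without a chat_id (e.g. getUpdates)
    }


KNOWN_C2_TOKENS = {parse_bot_url(C2_URL)["token"]}


def scan_log(lines, known_tokens=KNOWN_C2_TOKENS):
    """Flag every line that talks to the Bot API; mark those using a known-bad token."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        info = parse_bot_url(line)
        if info is None:
            continue
        info["line"] = lineno
        info["known_c2"] = info["token"] in known_tokens
        hits.append(info)
    return hits


def hash_bytes(data):
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def matches_sample(data):
    """Names of the report's hash algorithms whose value the given bytes match."""
    digests = hash_bytes(data)
    return [alg for alg, value in SAMPLE_HASHES.items() if digests[alg] == value]


# Constructed proxy log, not real traffic: two requests with the reported token,
# one request to an unrelated (made-up) bot, one ordinary site.
CONSTRUCTED_LOG = [
    '2024-01-05T10:12:31Z host=WS-17 method=POST url="https://api.telegram.org/'
    'bot5358754228:AAE42HAGW1bzIPxU7iVRC_96iDuHcwSjjVo/sendMessage?chat_id=5556872222" status=200',
    '2024-01-05T10:12:40Z host=WS-17 method=POST url="https://api.telegram.org/'
    'bot5358754228:AAE42HAGW1bzIPxU7iVRC_96iDuHcwSjjVo/sendDocument?chat_id=5556872222" status=200',
    '2024-01-05T10:13:02Z host=WS-03 method=GET url="https://api.telegram.org/'
    'bot1234567890:AAFexampleTokenForAnUnrelatedBot_abc/getUpdates" status=200',
    '2024-01-05T10:13:09Z host=WS-03 method=GET url="https://www.example.com/index.html" status=200',
]

if __name__ == "__main__":
    for hit in scan_log(CONSTRUCTED_LOG):
        print(hit)
    print(matches_sample(b"MZ\x90\x00"))  # a stand-in blob, not the sample
```

The full path is only visible where TLS is terminated (an inspecting proxy, or on the host), otherwise the log shows just api.telegram.org, which legitimate software also contacts; matching on the token rather than the hostname is what keeps the alert specific to this operator's bot.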
Signatures
  Phemedrone family
  Unsigned PE (1 IoC): checks for missing Authenticode signature.
    Processes: resource Abotihy.exe.2
Files
  Abotihy.exe.2.exe  windows:4 windows x86 arch:x86
    Imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (the generic value shared by .NET executables whose only native import is mscoree!_CorExeMain; it identifies the CLR bootstrap, not this family)
    Headers
      DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_NO_SEH | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
      File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LARGE_ADDRESS_AWARE
    Imports
      mscoree: _CorExeMain (managed .NET executable; the native import table only hands control to the CLR, the real code is in the managed metadata)
    Sections
      .text   Size: 101KB  Virtual size: 101KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
      .rsrc   Size: 1KB    Virtual size: 1KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
      .reloc  Size: 512B   Virtual size: 12B    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
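The header and section facts listed above come straight from the COFF header, the optional header and the section table, and the "is it .NET" question the mscoree import raises is answered by the CLR runtime header entry in the data directory. The Python below is an added example, not the report's tooling: it builds a constructed, header-only PE32 image with the values reported for this file (DllCharacteristics 0x8540, file characteristics 0x0022, the three sections and a CLR directory entry), then decodes the flags and the .NET check from the raw bytes. The byte layout, RVA and size values are constructed; the blob is not the sample.

```python
import struct

MACHINES = {0x014C: "x86", 0x8664: "x64", 0x01C4: "ARMNT", 0xAA64: "ARM64"}
FILE_CHARS = [(0x0002, "EXECUTABLE_IMAGE"), (0x0020, "LARGE_ADDRESS_AWARE"),
              (0x0100, "32BIT_MACHINE"), (0x2000, "DLL")]
DLL_CHARS = [(0x0020, "HIGH_ENTROPY_VA"), (0x0040, "DYNAMIC_BASE"), (0x0080, "FORCE_INTEGRITY"),
             (0x0100, "NX_COMPAT"), (0x0400, "NO_SEH"), (0x1000, "APPCONTAINER"),
             (0x4000, "GUARD_CF"), (0x8000, "TERMINAL_SERVER_AWARE")]
SECTION_CHARS = [(0x00000020, "CNT_CODE"), (0x00000040, "CNT_INITIALIZED_DATA"),
                 (0x00000080, "CNT_UNINITIALIZED_DATA"), (0x02000000, "MEM_DISCARDABLE"),
                 (0x20000000, "MEM_EXECUTE"), (0x40000000, "MEM_READ"), (0x80000000, "MEM_WRITE")]
CLR_DIR_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (CLR runtime header)


def _names(value, table):
    return [name for bit, name in table if value & bit]


def parse_pe_headers(data):
    """Decode COFF/optional header flags and the section table from raw PE bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: data directories start 96 bytes into the optional header
        dd = opt + 96
    elif magic == 0x20B:      # PE32+: 112 bytes in
        dd = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both formats
    n_dirs = struct.unpack_from("<I", data, dd - 4)[0]        # NumberOfRvaAndSizes precedes the table
    clr_rva = clr_size = 0
    if n_dirs > CLR_DIR_INDEX:
        clr_rva, clr_size = struct.unpack_from("<II", data, dd + CLR_DIR_INDEX * 8)
    sections = []
    for i in range(nsec):
        name, vsize, _vaddr, rsize, *_, schars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize,
                         "flags": _names(schars, SECTION_CHARS)})
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "file_characteristics": _names(file_chars, FILE_CHARS),
        "dll_characteristics": _names(dll_chars, DLL_CHARS),
        # A populated CLR runtime header is what makes the loader hand the image to mscoree.
        "is_dotnet": clr_rva != 0 and clr_size != 0,
        "sections": sections,
        # Heuristic: executable sections far larger in memory than on disk usually unpack at runtime.
        "possibly_packed": [s["name"] for s in sections if "MEM_EXECUTE" in s["flags"]
                            and s["raw_size"] and s["virtual_size"] > 4 * s["raw_size"]],
    }


def build_constructed_pe32(dll_characteristics=0x8540, file_characteristics=0x0022,
                           clr_rva=0x2008, clr_size=0x48, sections=None):
    """Constructed header-only PE32 image mirroring the report's values; not the sample."""
    if sections is None:  # (name, virtual size, raw size, characteristics) as reported above
        sections = [(".text", 0x19400, 0x19400, 0x60000020),
                    (".rsrc", 0x400, 0x400, 0x40000040),
                    (".reloc", 0xC, 0x200, 0x42000040)]
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, 224, file_characteristics)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<H", opt, 68, 2)                           # Subsystem: WINDOWS_GUI
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + CLR_DIR_INDEX * 8, clr_rva, clr_size)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"),
                                 vs, 0, rs, 0, 0, 0, 0, 0, fl) for n, vs, rs, fl in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


SAMPLE_LIKE_PE = build_constructed_pe32()

if __name__ == "__main__":
    import json
    print(json.dumps(parse_pe_headers(SAMPLE_LIKE_PE), indent=2))
```

The DYNAMIC_BASE / NX_COMPAT / NO_SEH / TERMINAL_SERVER_AWARE combination is the .NET toolchain's linker default, so it says nothing about the author; likewise the single mscoree import means imphash and import-table heuristics carry no signal for this file, and the family attribution rests on the extracted configuration, not on the PE structure.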