phemedrone

Sharing

Copy URL

Twitter E-mail

General

Target

Korepi.rar
Size

8.3MB
Sample

240218-r2w2ssbc2x
MD5

43c7f5c4214172e5aa95184912871658
SHA1

7df1b4192a6da11a6580db130b0e544f03705288
SHA256

1fda8701361410f4d24d8b4886d114424f07c18bfee78adf64170b87800baa87
SHA512

ae2cf967e289010a29d794fba6d0d9c11398def6319bcedd4145256cdd68c036f4eca347321d3fb20842146ea0c53c3b5c8903bba586f8268564e694ff59b6e5
SSDEEP

196608:6cNyUkbWfZSQfTLlI8hcVKsKe9COZhHTge+axEc2VvqCKA0gBMQJaEf/qJnQrc5K:joWcqOUOXHEyxYQtgBMbEXqOoK

Score

10^/10

Malware Config

Extracted

Family

phemedrone

https://api.telegram.org/bot6678158569:AAGCj_95yYZbARbtI5kniGnlVkd_CTO8lfI/sendMessage?chat_id=6303202637

Targets

- Target
  
  Korepi/Korepi.exe
- Size
  
  84KB
- MD5
  
  6ab9efa8c00bfc58528805978f6e894a
- SHA1
  
  944441a3642a47c8b40633462de5876bc3bfb648
- SHA256
  
  d8604a6641d5743df9a0324f179476afe197cb63e2b94cbbce78aee2a348b5e1
- SHA512
  
  97a12dd1b0cf53b707b7251cbbc1f533fb9f3f9c3244c5f195ceb994a3569c00733580e470a5c43bd811d90e14ab650548a364bd858a00d9672eb4eacb4698a3
- SSDEEP
  
  1536:JD9XaiFH+UGPGTLh7CfoWKSO5T3rZ5SwEKSKK9jzpm+:JD9BH+FP+dmpS5TbZ8wEKSKK9jVr
Score

10^/10

phemedrone spyware stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  Korepi/concrt140.dll
- Size
  
  310KB
- MD5
  
  cd12471b295f6a1c66dcc9fc519eef5b
- SHA1
  
  dbca64bc390ea30d54c184086f0505fef35cd969
- SHA256
  
  573229a07f38ab9d2fc2e1a5b98e9243b9b39100323180c83ad7ddaf98eee46a
- SHA512
  
  c8a75f285e12f3e65ea18b002d4661f01ebf54d464fec761917ac09709ff6005f0e15bf76756ccde8d19fe88f096d05df20bab252bb2c26248af5aaad846b988
- SSDEEP
  
  6144:1EI93zcNn3dMiBXHxHSSXfPnevwbbeVu00Xp9gznWzgQQf3P2iyK:aIlwNqihUSPPd9z8yK
Score

1^/10
behavioral2
- Target
  
  Korepi/dbgeng.dll
- Size
  
  4.1MB
- MD5
  
  53a932b4f7819a9e62be4e84a2e808cd
- SHA1
  
  031766199999581c94ce46188777d3fbda9e31d7
- SHA256
  
  38c6aa8b85f388b814e2239a6a7355a999130a3cf1893a3219371f694d9759d3
- SHA512
  
  3137dae30b94b0c314c9e45b1e2ccb8c7293724a6a3b69f1c9dc0aad94ec7bbca6684eaeccc04866bad55eea1ba011a687cfa107f3af7c87f7ebefa8ed1822fc
- SSDEEP
  
  24576:+3rg4E36jDEdCWvKHWfkxKpafVk+kO5jjm8ipQPVQWYBqtacOOHzojxACwx+DVNv:+326jAYmNwfAEipysxAC5yod/k5le
Score

1^/10
behavioral3
- Target
  
  Korepi/dbghelp.dll
- Size
  
  1.3MB
- MD5
  
  15ee5c7404fa5b6de0eb0c042474d3bf
- SHA1
  
  ec3a7fd5861447d615968c51e507cd376a48bd6b
- SHA256
  
  159b30d9f1bbe69ae03e0d19669d4fcb565246d81672b7034a69cef9f466dcbe
- SHA512
  
  eaa2004d5c243597705baf53140b3944fa9d79f719bdef09e5226f44f740180e2cd41a55a6745b16931c84a8b96b81da85eb372cf39acd34cecb9e373d422aa6
- SSDEEP
  
  24576:/HwbKof5HWhFJt0fTGHf01BWgXkqy5xFxmLM6dh7GQlfKd:vRu2hFJteiFdqqVAS
Score

1^/10
behavioral4
- Target
  
  Korepi/dll/vccorlib140.dll
- Size
  
  327KB
- MD5
  
  2d581d8598f4db0fc55b415b841c7544
- SHA1
  
  e8a3d709a2cfe4262e0cb020851ec728134ccc34
- SHA256
  
  79284659bf4302162302737d2513b17e09742cdefb9540e80f97d30c93077d7c
- SHA512
  
  adbcfc80afcfe69db9587536ea88ab09570f51d2213b0f29e55e01eeb518c9f35a7723fdf0e06284e2cadc63c49b25575ddea3b4032501917d002b648998c98e
- SSDEEP
  
  6144:R+dqDim64W44od8wyW9I8RbAL2dma6JD36a:R1Iud8wy6I8oM6t
Score

1^/10
behavioral5
- Target
  
  Korepi/dll/vcruntime140.dll
- Size
  
  95KB
- MD5
  
  f34eb034aa4a9735218686590cba2e8b
- SHA1
  
  2bc20acdcb201676b77a66fa7ec6b53fa2644713
- SHA256
  
  9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1
- SHA512
  
  d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af
- SSDEEP
  
  1536:ywqHLG4SsAzAvadZw+1Hcx8uIYNUzUoHA4decbK/zJNuw6z5U:ytrfZ+jPYNzoHA4decbK/FNu51U
Score

1^/10
behavioral6
- Target
  
  Korepi/dll/vcruntime140_1.dll
- Size
  
  36KB
- MD5
  
  135359d350f72ad4bf716b764d39e749
- SHA1
  
  2e59d9bbcce356f0fece56c9c4917a5cacec63d7
- SHA256
  
  34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32
- SHA512
  
  cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba
- SSDEEP
  
  384:5hnvMCmWEKhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+Xf0+uncS7IO5WrCKWU/tQ0g:YCm5KhUcwrHY/ntTxT6ov07b4SwY1zl
Score

1^/10
behavioral7
- Target
  
  Korepi/dll/vivoxsdk.dll
- Size
  
  11.9MB
- MD5
  
  458a3a79a667216b0adf2a0f4c875247
- SHA1
  
  3f7d567a7393d9a8be70814a0be4f70a3eb69c36
- SHA256
  
  1d932531cca6411e1eb93b455481a486e8f2041b54312838d0d21957e04e8583
- SHA512
  
  e38e360e5652af39d6a46579fd98db9aaefd2701e5798c21741a86e656e7ef32435393371dbad4f3a99314bebaea5b916609a49f0205b1cad146296b23fae496
- SSDEEP
  
  196608:j21we7cMisBhEFCEbnyZnn5QiIfAnXYmgLyGR6FuvFaEWmys2LRVfrgtTfKoI4yt:aiYewEbnyZTeAnIlLyZGP2TTgEoIVrh
Score

1^/10
behavioral8
- Target
  
  Korepi/msvcp140.dll
- Size
  
  553KB
- MD5
  
  6da7f4530edb350cf9d967d969ccecf8
- SHA1
  
  3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9
- SHA256
  
  9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da
- SHA512
  
  1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab
- SSDEEP
  
  12288:M/Wn7JnU0QUgqtLe1fqSKnqEXG6IOaaal7wC/QaDWxncycIW6zuyLQEKZm+jWodj:yN59IW6zuAQEKZm+jWodEEY1u
Score

1^/10
behavioral9
- Target
  
  Korepi/msvcp140_1.dll
- Size
  
  23KB
- MD5
  
  0832532fab0d5c949aa0c65169aa9d61
- SHA1
  
  26f1bee679b7a6289b663c4fa4e65eba33a234e8
- SHA256
  
  8731a93e519c2595c9fd489e6d9ac07e964448c0da1c8ee9ee500a7989482617
- SHA512
  
  03147a59ee35fb3d2752d4c40741a39674ccd4474a575746bc574d2b2fae1fd04f5ab9c2e02b0dc6268fc6aee8fbb46dc4bf5ff23b5fcc4a0e9b847f57ca79d0
- SSDEEP
  
  384:fXt9apR9EFsN2iWcs5gWjcKLHRN7IVslGssA:fXK79EFsEHKAmS
Score

1^/10
behavioral10
- Target
  
  Korepi/msvcp140_2.dll
- Size
  
  182KB
- MD5
  
  e35261e9f4478aabe736bb2269c20b59
- SHA1
  
  f17330804c159418d4acf7a803662b8c1f7686fd
- SHA256
  
  366af8e071f004da5d95a832a46b2e8821a8e0294340a93f7c95cf48c441067e
- SHA512
  
  2694d21431e9b72a9591c4658dc3ade5795a52fcf2bc8631928181a7aeee49184cf741d50e28581b96d439360d21cb176c6bb011db4fa742a2fc64afa38baaf9
- SSDEEP
  
  3072:Eo8fdbDQ2RAIQSP3cNkquWHSWnwTXsY0YqgwAlrX/Fv1Yqg6r+9:EVZgIQDkgyWnZlfgX/1fr
Score

1^/10
behavioral11
- Target
  
  Korepi/msvcp140_atomic_wait.dll
- Size
  
  55KB
- MD5
  
  4e81a05a4b996d180f811426c5e23278
- SHA1
  
  95f57da55ae2dad5807b87a0c2bae2784a788dec
- SHA256
  
  c61a28711f8c6e9bfd4879cf5f53b013d653badad308abe3e887c694b223d6f0
- SHA512
  
  246aa70c5eb924d13c8a45fe1c75d1c5c9fbc9ae4e4af0fade44242af395bba9c65e9ed7eef7f52e29aaf987bbbddd8e775467705cb6da4934e440688ffef8ee
- SSDEEP
  
  768:LHzT4jKeYfXyHSRrYCNgb8/X/QL3NsgmSwsN0TNx9zDC:PT4rpSptNgo/X/QL3jlw9pzW
Score

1^/10
behavioral12
- Target
  
  Korepi/msvcp140_codecvt_ids.dll
- Size
  
  20KB
- MD5
  
  c7e047cea075a9256916cfb83eaed1a6
- SHA1
  
  64e128c1f9cc440a3fd7564d00ae6f7e70cc2fa7
- SHA256
  
  9b45fd069bd0076d8abfeb7c3c30a1f5c5fc8e7124017853a93d831a346c3d21
- SHA512
  
  1e0ac2dfc18e88500fb89191b1f8a875db3b8013acac06d82d815d53b6ac5d3b5e3b79ad4c5f965ce11f5e68ed649b76475a3e40e986640fb95a8c6d194bcc85
- SSDEEP
  
  384:dYp02r8AWiOEWAk/tQ0HRN7jLZ+TKAR9zfUY0:dY02reGMSwx+289zo
Score

1^/10
behavioral13

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13