phemedrone

Resubmissions

18-02-2024 15:25

240218-stk51abf4z 10

18-02-2024 15:19

240218-sp9ykabf2v 10

18-02-2024 14:45

240218-r46c9abc7w 10

Sharing

Copy URL

Twitter E-mail

General

Target

Minty.rar
Size

8.5MB
Sample

240218-sp9ykabf2v
MD5

a4a32f721f75cd6d6be1b24502e744e9
SHA1

173ee164aa870196286e9a7ccc7b2e778bbc9f90
SHA256

18c74dde6426a0637bbdfff078e677fe9813391e7db685735f90cc42ac1cd231
SHA512

0af2726d6db4d06da950fdda4cec418244e3e8a0e52ec38473fd93b79afa45cc14fc8065801dadcaea7fd1298c712e5a6f33d7b47221288cfedd315ec0cfc748
SSDEEP

196608:lcNyUkbafZSQ4DMlI8hcVKsKe9COZhHTge+axEc2VvqCKA0gBMQJaEf/qJnQ4cLC:qoac+OUOXHEyxYQtgBMbEXqzKC

Score

10^/10

Malware Config

Extracted

Family

phemedrone

https://api.telegram.org/bot6678158569:AAGCj_95yYZbARbtI5kniGnlVkd_CTO8lfI/sendMessage?chat_id=6303202637

Targets

- Target
  
  Minty/Minty.exe
- Size
  
  84KB
- MD5
  
  6ab9efa8c00bfc58528805978f6e894a
- SHA1
  
  944441a3642a47c8b40633462de5876bc3bfb648
- SHA256
  
  d8604a6641d5743df9a0324f179476afe197cb63e2b94cbbce78aee2a348b5e1
- SHA512
  
  97a12dd1b0cf53b707b7251cbbc1f533fb9f3f9c3244c5f195ceb994a3569c00733580e470a5c43bd811d90e14ab650548a364bd858a00d9672eb4eacb4698a3
- SSDEEP
  
  1536:JD9XaiFH+UGPGTLh7CfoWKSO5T3rZ5SwEKSKK9jzpm+:JD9BH+FP+dmpS5TbZ8wEKSKK9jVr
Score

10^/10

phemedrone spyware stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  Minty/api-ms-win-core-profile-l1-1-0.dll
- Size
  
  11KB
- MD5
  
  e8dc04ac0733fb9c68633e03afb6b53a
- SHA1
  
  ebd93d45082c46e72ad70bc32b47cd76392a1f39
- SHA256
  
  db622e345d6481a2fd8692ab667173870c3da16c1ec2883e0f2f94dfc75d23b9
- SHA512
  
  03048615b7b4da05587c9564aa36e12d8b2dec4d9c82f2f8ccafbff8887d75679abcce97af16daa5b611733c0a2ff91b3012d71af3f115e7be12066b757cc637
- SSDEEP
  
  192:KG+WphWDgdZubhLUjhdQuxaZscF8Bd1LEAqa9sgfxIZHL:K/WphWDKZKa+ZsHLEAqDgf2h
Score

1^/10
behavioral3
- Target
  
  Minty/api-ms-win-core-rtlsupport-l1-1-0.dll
- Size
  
  12KB
- MD5
  
  474e48c84874d76c48e596fe960a1f22
- SHA1
  
  a3d59ef6ab7b5fa76bbebde7481998d3aafd0f9c
- SHA256
  
  dc66d579f32f37a30caa7ceaa97d882100fd782898bfc9e6cd8de5f3fe121a8a
- SHA512
  
  56fb3813d519f08be08c62f10a56343989794c1e780b407ac210ed36a2dfba09a71393f071e1856c85c975e0802b17a41db00ef5ec0d527c9106cf64591fb605
- SSDEEP
  
  192:oGeV6WphWndZubhLUjhdQuxaZscF8Bd1L0yMa9sgfxIZH9JZgw:oGeV6WphWdZKa+ZsHL0VDgf2hTOw
Score

1^/10
behavioral4
- Target
  
  Minty/api-ms-win-core-string-l1-1-0.dll
- Size
  
  11KB
- MD5
  
  3eb0726e50c2b7f39b148cd96f084d36
- SHA1
  
  162fa444853cf5b211facedf3eea0aeb650800cc
- SHA256
  
  52696a6a470462edffd37f2f848c0601b44afc0b1c353799fae6ddd4ee4336e6
- SHA512
  
  9dbf7148072d781670e755b64c76e4e862fd341a7d0136b2171d556ee37b8fd0a36d45237a8b3ce7cfca5fb672e0f575ae97f32c0784443d2f2ac554fb50f2e6
- SSDEEP
  
  192:UyMvqWphWpdZubhLUjhdQuxaZscF8Bd1L0MXa9sgfxIZHE:UyMvqWphW3ZKa+ZsHL0yDgf2hE
Score

1^/10
behavioral5
- Target
  
  Minty/api-ms-win-core-synch-l1-1-0.dll
- Size
  
  13KB
- MD5
  
  5f9aaadb0a71670c262cece360715b51
- SHA1
  
  793fcd52a90dec1a02b948f639e43826e48e7c34
- SHA256
  
  4bbe96fd5b5d3a4f5c7e93262fbd0e6c638e719c00d6b316b1e5149f9154d8c1
- SHA512
  
  549e27baf2b94d5d25dba4315ecca71f1249d5b4f435855d859698ec691893707838ab1ce031a18db0f01704f48d9b2e5bb8460bac785b0486461f3b7abf09c7
- SSDEEP
  
  384:Zdv3V0dfpkXc0vVaTWphWfeZKa+ZsHLE9N0Dgf2hI:Zdv3VqpkXc0vVaC9bo0Uf2h
Score

1^/10
behavioral6
- Target
  
  Minty/api-ms-win-core-util-l1-1-0.dll
- Size
  
  11KB
- MD5
  
  3c5fbeabfeb08e02a1875fd1b40b742a
- SHA1
  
  a226a25e2bec023bfa5d6f6abda26f68a527f816
- SHA256
  
  612c71cd87bf296a4918da65a6be9adaac87d21a1f1c8c31860a3baba69d2d44
- SHA512
  
  fe8cb5cf988c2d60b2c5c49c9c76b724baf7b03bb5c57bc0fed008d25ce4d370f2b2302ff4b8dffd2ae9c49144224bca62dc4e50f20989a3c9d1b252ae839963
- SSDEEP
  
  192:2V3IeWphWQdZubhLUjhdQuxaZscF8Bd1L0Pka9sgfxIZHTb:2V39WphW6ZKa+ZsHL0sDgf2hTb
Score

1^/10
behavioral7
- Target
  
  Minty/api-ms-win-crt-conio-l1-1-0.dll
- Size
  
  12KB
- MD5
  
  a69121352fa09905b1f0b5c8eff8b4e1
- SHA1
  
  5fefddcf894a31a993d5fe5cfc5e8302723a6fe9
- SHA256
  
  0b52cab46e0a2c87cc3c114518aeeea8a0b774b748247d0ea45be2deb496711c
- SHA512
  
  4b588f3fc8914a6f32bea73036c0ce8ae89eea09671853026119e500834b4480e228652599d7fdd1c0f01581c032df35630760eaacd87356d31b9977913fae4b
- SSDEEP
  
  192:HEWphWZdZubhLUjhdQuxaZscF8Bd1LEata9sgfxIZHI:HEWphWnZKa+ZsHLEADgf2hI
Score

1^/10
behavioral8
- Target
  
  Minty/api-ms-win-crt-convert-l1-1-0.dll
- Size
  
  15KB
- MD5
  
  0df91e9ccb1639af18e1512efd4b8d41
- SHA1
  
  e3f9816b30a690a11f5023e5fcb89e502744f3d6
- SHA256
  
  dc2205d27942d0494dff0cdd6fa2776e2a948a7f8d09f34955bfa1f479c9c2ce
- SHA512
  
  fa903de73398b42689f4ff98cd58983976c8ad633b759ecccc1f0d6fc9abab3cf64531afb601b2ac12549db02b6152dc87b411903e3bc202776f381551ec2cdc
- SSDEEP
  
  192:o89M0wd8dc9cy1WphWedZubhLUjhdQuxaZscF8Bd1LE92ta9sgfxIZHL:ot0wd8xy1WphWQZKa+ZsHLE9cDgf2hL
Score

1^/10
behavioral9
- Target
  
  Minty/api-ms-win-crt-environment-l1-1-0.dll
- Size
  
  12KB
- MD5
  
  290804fca4c9f6e4253201eed9ab7bd0
- SHA1
  
  51412148b076ba0507ed2774bfb5339232a70a98
- SHA256
  
  2219d56c71e96692ae8573f802eb190428e296bacd1613959d199a41a9d9acaf
- SHA512
  
  bab824bd86c28d6bcd7030b3a977c112df2cc3a96837aa885ea447e8035cc84df6876e330fd8aaaeb75a88dae450fd6c215dcaed604ffbdc68d11225f246931b
- SSDEEP
  
  192:bKNcWphWBgdZubhLUjhdQuxaZscF8Bd1LE3lvHxa9sgfxIZHkb:bKNcWphWcZKa+ZsHLE31HxDgf2hkb
Score

1^/10
behavioral10
- Target
  
  Minty/api-ms-win-crt-filesystem-l1-1-0.dll
- Size
  
  13KB
- MD5
  
  821da1308062d9548cc4cd276ac8a5bb
- SHA1
  
  d9885c160a3fb28b5aac11970487c1947c6c0c70
- SHA256
  
  0074669eeb5234606ef73dc118f580fe438eeba6ca7279e9b3d64a26c0b100ec
- SHA512
  
  c437035879033815e43d412cc1aee52f8b1815b388082b304bbe4bf1bc9648ba19c98e80579de105c56528619e84bf906f3fe9f02d6028f5735054730c2e6daa
- SSDEEP
  
  192:Mt/PGnWlC0i5C9WphWKdZubhLUjhdQuxaZscF8Bd1LEPa9sgfxIZH:yunWm5C9WphWsZKa+ZsHLEPDgf2h
Score

1^/10
behavioral11
- Target
  
  Minty/api-ms-win-crt-heap-l1-1-0.dll
- Size
  
  12KB
- MD5
  
  b6945fa978f55187d2de15061f5c5145
- SHA1
  
  72a8c208036039e9bc04347d89363ebd4f6ac9a5
- SHA256
  
  22b0ba155409f5b3936e53887795179e741bac475c4d3cbe61eb923fec587fba
- SHA512
  
  b5c1fafb49c7a03ef5a916f12acd84e1865c772adbc028f01da527f42f6e5cda6d647acdeaa7c680d38c7cdea748a2ddb2780489edcb0f2cbcb3ad42dab7d03e
- SSDEEP
  
  192:0uaY17aFBRQWphWP+OdZubhLUjhdQuxaZscF8Bd1LEE1a9sgfxIZHF:00VWphWZZKa+ZsHLEsDgf2hF
Score

1^/10
behavioral12
- Target
  
  Minty/api-ms-win-crt-locale-l1-1-0.dll
- Size
  
  12KB
- MD5
  
  87dde4b6bc93556e2104f25892b21a83
- SHA1
  
  be0987399c5784501cb6ba37581b5b523891ce9c
- SHA256
  
  876c9715dcd825995def190457ca9d2f0fe38775bb01a2dcb4e62b187c5ee428
- SHA512
  
  df37b3ee373263e4a654b9c003576e43b0fb85f3099c630a3ada350e6809436a87c6e0957e2c0629d2393b0284e5a71955d6ac43a4ae45d8f907caaa9b32846f
- SSDEEP
  
  192:AWphWVXdZubhLUjhdQuxaZscF8Bd1LENxa9sgfxIZHu:AWphWnZKa+ZsHLENxDgf2hu
Score

1^/10
behavioral13
- Target
  
  Minty/api-ms-win-crt-process-l1-1-0.dll
- Size
  
  12KB
- MD5
  
  8d3c687d379f71feb6cc9cf9ecf3cdcd
- SHA1
  
  ee63265a8a3326374b421e90087d3069d92955c8
- SHA256
  
  1c208b78198e501205f89768bc100ea9605e2f616f0cd7db2fd56760a864a7d6
- SHA512
  
  12cbc658a49c3f0bb35c41c29ceda42109a4e0acde0b8205a1fd9561d5f271ea5004f3cdea312897ed1306bb2f12cb05990c6434e7aea7352b94a26069a0c810
- SSDEEP
  
  192:Enqjd71WphWMdZubhLUjhdQuxaZscF8Bd1LEvDMxa9sgfxIZHOK:En8WphW2ZKa+ZsHLEoxDgf2hT
Score

1^/10
behavioral14
- Target
  
  Minty/concrt140.dll
- Size
  
  310KB
- MD5
  
  cd12471b295f6a1c66dcc9fc519eef5b
- SHA1
  
  dbca64bc390ea30d54c184086f0505fef35cd969
- SHA256
  
  573229a07f38ab9d2fc2e1a5b98e9243b9b39100323180c83ad7ddaf98eee46a
- SHA512
  
  c8a75f285e12f3e65ea18b002d4661f01ebf54d464fec761917ac09709ff6005f0e15bf76756ccde8d19fe88f096d05df20bab252bb2c26248af5aaad846b988
- SSDEEP
  
  6144:1EI93zcNn3dMiBXHxHSSXfPnevwbbeVu00Xp9gznWzgQQf3P2iyK:aIlwNqihUSPPd9z8yK
Score

1^/10
behavioral15 behavioral16
- Target
  
  Minty/dbgeng.dll
- Size
  
  4.1MB
- MD5
  
  53a932b4f7819a9e62be4e84a2e808cd
- SHA1
  
  031766199999581c94ce46188777d3fbda9e31d7
- SHA256
  
  38c6aa8b85f388b814e2239a6a7355a999130a3cf1893a3219371f694d9759d3
- SHA512
  
  3137dae30b94b0c314c9e45b1e2ccb8c7293724a6a3b69f1c9dc0aad94ec7bbca6684eaeccc04866bad55eea1ba011a687cfa107f3af7c87f7ebefa8ed1822fc
- SSDEEP
  
  24576:+3rg4E36jDEdCWvKHWfkxKpafVk+kO5jjm8ipQPVQWYBqtacOOHzojxACwx+DVNv:+326jAYmNwfAEipysxAC5yod/k5le
Score

1^/10
behavioral17 behavioral18
- Target
  
  Minty/dbghelp.dll
- Size
  
  1.3MB
- MD5
  
  15ee5c7404fa5b6de0eb0c042474d3bf
- SHA1
  
  ec3a7fd5861447d615968c51e507cd376a48bd6b
- SHA256
  
  159b30d9f1bbe69ae03e0d19669d4fcb565246d81672b7034a69cef9f466dcbe
- SHA512
  
  eaa2004d5c243597705baf53140b3944fa9d79f719bdef09e5226f44f740180e2cd41a55a6745b16931c84a8b96b81da85eb372cf39acd34cecb9e373d422aa6
- SSDEEP
  
  24576:/HwbKof5HWhFJt0fTGHf01BWgXkqy5xFxmLM6dh7GQlfKd:vRu2hFJteiFdqqVAS
Score

1^/10
behavioral19 behavioral20
- Target
  
  Minty/dll/api-ms-win-core-synch-l1-2-0.dll
- Size
  
  12KB
- MD5
  
  273a789b794dfd0e4a370e29932f5f42
- SHA1
  
  dfadbea258c9d4bdcabd8b69abbeafd23da6b665
- SHA256
  
  5e696fbe467b10158abcfcfea82995a9ead018a5870581539183c78830dc5168
- SHA512
  
  33462917ea66e8937b7fbd5c665a0101fe992217ec178999607d1f68de22d4341f78313c6d595df9da2cf96e2a029028efe4444e0514bcae6278adcadfd0801d
- SSDEEP
  
  192:oytZ39hcWphWzdZubhLUjhdQuxaZscF8Bd1L0tja9sgfxIZHFV:XtZ39hcWphWpZKa+ZsHL0tDgf2hFV
Score

1^/10
behavioral21
- Target
  
  Minty/dll/api-ms-win-core-sysinfo-l1-1-0.dll
- Size
  
  12KB
- MD5
  
  1589ffcc59fad86253ab7de1fe9733b3
- SHA1
  
  a58110c7776ff8f9166601e88ec1a2e5e48ad09d
- SHA256
  
  46ed253e8ccb8e488045d349a6986fd4e2715d1962c2fe998eec003d576f0102
- SHA512
  
  19e70bcd6e2c341c029eb6a0ee3ccc734f731467feb7b055ec0da6cdf00dbb195aa0c76a3244ce7fd11b5895d2863562a2814210f353d6e51541bf2f681cc4cc
- SSDEEP
  
  192:fKIMFUXWphW6dZubhLUjhdQuxaZscF8Bd1L0s94FNyXa9sgfxIZHxX8l:fBXWphWcZKa+ZsHL07FNSDgf2hU
Score

1^/10
behavioral22
- Target
  
  Minty/dll/api-ms-win-core-timezone-l1-1-0.dll
- Size
  
  12KB
- MD5
  
  ac611793e2221acce8040b5641fdce2e
- SHA1
  
  fc71023a3678c002f662ab44f96aafe5bce1004a
- SHA256
  
  752fd5e2618f98678de97af8b461c9249f67c69a4fcc7ca3373f17487bafbbb8
- SHA512
  
  625c2f83808a09f2c589d898d9dcba49eb46efe085918a1cc42b3724949a88f29e20c230f7e35eee17ff59806d1d7df49dd36b18cf60c6a8842da540ac55deb7
- SSDEEP
  
  192:WSWphWmdZubhLUjhdQuxaZscF8Bd1LEcZfa9sgfxIZHEmmv:WSWphWIZKa+ZsHLEcZfDgf2hEvv
Score

1^/10
behavioral23
- Target
  
  Minty/dll/api-ms-win-crt-math-l1-1-0.dll
- Size
  
  20KB
- MD5
  
  3603ec844137b2cb6c55ee9ec5f63b5c
- SHA1
  
  2af961137317d4e8fa6f6e2bb2407b42838ded34
- SHA256
  
  32860e3e8b279bb83dacbb827482c7d7e4e1b8d6e56ad1c94f451ce83138792f
- SHA512
  
  0b28b2fd8751e6c36ab5e7e1d3f4e1389f388874e970c256e80ccb53c2e824a8684224762d7ab164c4ddb40b2e3ae6be364e89b7717044c71f0d3713b3e2cebb
- SSDEEP
  
  384:IJI2M4Oe59Ckb1hgmLZWphWrZKa+ZsHL0rkDgf2hV:Ii2Mq59Bb1jE6bkkUf2hV
Score

1^/10
behavioral24
- Target
  
  Minty/dll/api-ms-win-crt-multibyte-l1-1-0.dll
- Size
  
  19KB
- MD5
  
  cec239d062fb0fa275cfadd2eb0e9307
- SHA1
  
  0365237ef3c2e40431fa91536f910779a3861e7e
- SHA256
  
  445e5fc4a39b5758e1e6d268865f53f4b331374300bf52aac20766acc60deca8
- SHA512
  
  61047ce3c9bcd95b5a137040b35c27f66e2209a6d75f4a9305132c049c65c657fd726e93a837ee9c9a2e79ce4915523ffb9a58f923dbe0e922b7c382b9981b53
- SSDEEP
  
  384:7USrxLPmIHJI6/CpG3t2G3t4odXLZWphW7ZKa+ZsHL0/3Dgf2h6:QiPmIHJI6iabgUf2h6
Score

1^/10
behavioral25
- Target
  
  Minty/dll/api-ms-win-crt-private-l1-1-0.dll
- Size
  
  63KB
- MD5
  
  cb8a3abf15c3a44127c3eaa7fcb01367
- SHA1
  
  e3f918285f281d104c176c62976cf6b39d540f12
- SHA256
  
  ddc0289a8a719374074f6484969c223491e469dcf7e2cbb7ac29dd0c4b7e5a8c
- SHA512
  
  341f915601ff8e18c47ffc6ae862e642410d729c29a958d62ea41e77f3d74cbd7504c484f2fd0d47c0d21159d800dc6b0111db65a8eae5145766899039a56a46
- SSDEEP
  
  1536:MTs8iYDe5c4bFe2JyhcvxXWpD7d3334BkZn+P9oQUf3:yiYDe5c4bFe2JyhcvxXWpD7d3334BkZx
Score

1^/10
behavioral26
- Target
  
  Minty/dll/vccorlib140.dll
- Size
  
  327KB
- MD5
  
  2d581d8598f4db0fc55b415b841c7544
- SHA1
  
  e8a3d709a2cfe4262e0cb020851ec728134ccc34
- SHA256
  
  79284659bf4302162302737d2513b17e09742cdefb9540e80f97d30c93077d7c
- SHA512
  
  adbcfc80afcfe69db9587536ea88ab09570f51d2213b0f29e55e01eeb518c9f35a7723fdf0e06284e2cadc63c49b25575ddea3b4032501917d002b648998c98e
- SSDEEP
  
  6144:R+dqDim64W44od8wyW9I8RbAL2dma6JD36a:R1Iud8wy6I8oM6t
Score

1^/10
behavioral27 behavioral28
- Target
  
  Minty/dll/vcruntime140.dll
- Size
  
  95KB
- MD5
  
  f34eb034aa4a9735218686590cba2e8b
- SHA1
  
  2bc20acdcb201676b77a66fa7ec6b53fa2644713
- SHA256
  
  9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1
- SHA512
  
  d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af
- SSDEEP
  
  1536:ywqHLG4SsAzAvadZw+1Hcx8uIYNUzUoHA4decbK/zJNuw6z5U:ytrfZ+jPYNzoHA4decbK/FNu51U
Score

1^/10
behavioral29 behavioral30
- Target
  
  Minty/dll/vcruntime140_1.dll
- Size
  
  36KB
- MD5
  
  135359d350f72ad4bf716b764d39e749
- SHA1
  
  2e59d9bbcce356f0fece56c9c4917a5cacec63d7
- SHA256
  
  34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32
- SHA512
  
  cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba
- SSDEEP
  
  384:5hnvMCmWEKhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+Xf0+uncS7IO5WrCKWU/tQ0g:YCm5KhUcwrHY/ntTxT6ov07b4SwY1zl
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32