Overview

overview

10

Static

static

3

vlad.exe

windows7-x64

10

vlad.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vlad.exe

  • Size

    512KB

  • Sample

    240331-pn37vabd2v

  • MD5

    0dd8757d42380787ba7162a7776f30c5

  • SHA1

    18465ff3c76fc6c441a195b679047f9089b269de

  • SHA256

    a6ed050ec8b21feafd3335a3396258be13a2d29601030be8f4b20c682759a2fb

  • SHA512

    d0a8354a7af21702f70b5ef7f3440a4755b6e1bb4e39a5c821fcac34e2f019dc73243764ef037efb2ad4de05855ced057d95bc8cdfa1c74ebb27194421297c22

  • SSDEEP

    12288:ol3p6elUM8ucJxlekO10C/aWoRWn8nmbkVfXnsfubmKpX:ol3p7lMucJtCyW2Wn8nmbkVfXnsmbmA

Score
10/10
phemedronespywarestealer

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot6719312271:AAE1QFaFTcG0HSHiQXVv7gdDUMwSNOPMadg/sendMessage?chat_id=-4194654645

Targets

    • Target

      vlad.exe

    • Size

      512KB

    • MD5

      0dd8757d42380787ba7162a7776f30c5

    • SHA1

      18465ff3c76fc6c441a195b679047f9089b269de

    • SHA256

      a6ed050ec8b21feafd3335a3396258be13a2d29601030be8f4b20c682759a2fb

    • SHA512

      d0a8354a7af21702f70b5ef7f3440a4755b6e1bb4e39a5c821fcac34e2f019dc73243764ef037efb2ad4de05855ced057d95bc8cdfa1c74ebb27194421297c22

    • SSDEEP

      12288:ol3p6elUM8ucJxlekO10C/aWoRWn8nmbkVfXnsfubmKpX:ol3p7lMucJtCyW2Wn8nmbkVfXnsmbmA

    Score
    10/10
    phemedronespywarestealer

    • Phemedrone

      An information and wallet stealer written in C#.

      stealerphemedrone

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks