phemedrone | a6ed050ec8b21feafd3335a3396258be13a2d29601030be8f4b20c682759a2fb | Triage

Sharing

General

Target

vlad.exe
Size

512KB
Sample

240331-pn37vabd2v
MD5

0dd8757d42380787ba7162a7776f30c5
SHA1

18465ff3c76fc6c441a195b679047f9089b269de
SHA256

a6ed050ec8b21feafd3335a3396258be13a2d29601030be8f4b20c682759a2fb
SHA512

d0a8354a7af21702f70b5ef7f3440a4755b6e1bb4e39a5c821fcac34e2f019dc73243764ef037efb2ad4de05855ced057d95bc8cdfa1c74ebb27194421297c22
SSDEEP

12288:ol3p6elUM8ucJxlekO10C/aWoRWn8nmbkVfXnsfubmKpX:ol3p7lMucJtCyW2Wn8nmbkVfXnsmbmA

Score

10^/10

phemedrone spyware stealer

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot6719312271:AAE1QFaFTcG0HSHiQXVv7gdDUMwSNOPMadg/sendMessage?chat_id=-4194654645

Targets

- Target
  
  vlad.exe
- Size
  
  512KB
- MD5
  
  0dd8757d42380787ba7162a7776f30c5
- SHA1
  
  18465ff3c76fc6c441a195b679047f9089b269de
- SHA256
  
  a6ed050ec8b21feafd3335a3396258be13a2d29601030be8f4b20c682759a2fb
- SHA512
  
  d0a8354a7af21702f70b5ef7f3440a4755b6e1bb4e39a5c821fcac34e2f019dc73243764ef037efb2ad4de05855ced057d95bc8cdfa1c74ebb27194421297c22
- SSDEEP
  
  12288:ol3p6elUM8ucJxlekO10C/aWoRWn8nmbkVfXnsfubmKpX:ol3p7lMucJtCyW2Wn8nmbkVfXnsmbmA
Score

10^/10

phemedrone spyware stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phemedronespywarestealer

behavioral2

phemedronespywarestealer