General

  • Target: AIDA64-5.97.4605.exe
  • Size: 5.9MB
  • Sample: 240407-2rkk5agg7x
  • MD5: 5a9a7eb3ae570ba2827f9b43f0ca8d8d
  • SHA1: ff206f36fb8117bc112b915e6c523047e3ef0c8a
  • SHA256: d5adb611966a10b056fc53bec138ad1dfd319c9d631eeebfcbdb13f101afc8ff
  • SHA512: d66347fb462e01093c4758982b1cddd46f6d3eca8738cca56bb11ac38bf0208073f266376d906b8e071f2d9a12671814bbeb633d9373ea3c82b364ec5d414a26
  • SSDEEP: 12288:s6umEODqMBbbtP7MjII99YeeF5NM6r0N:E6pdXeem4

Malware Config

Extracted

  • Family: phemedrone
  • C2: https://rakishevkenes.com/wp-load.php

Targets


    • Phemedrone
      An information and wallet stealer written in C#.

    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks