General

  • Target

    opendriversetup.exe

  • Size

    3.1MB

  • Sample

    240407-2x93zahc34

  • MD5

    0de0995c98d8a1a3f7602704863321ad

  • SHA1

    35d5f356ffd9701b91a7542497b877f30bdcf9fe

  • SHA256

    d72578ccb2cd7c5ae739c9cc4baf43fcf6635724bbf4cd181dc9e16a694aae42

  • SHA512

    3cdfa564adc14ed14b8bab4beacecd78aac6dc24ca4c4c10b2f3c49be808547ef3ebc01e253e983669e02d0cee3fcf3a0ad91e795e47e60ee250dc592fa3ce23

  • SSDEEP

    6144:y3Gv0T1wpv5GIzhZSaaXVtxzS1yaUAbncSBpUYYQBHSJIUJuR:Sh1wpv5GSPS7txzS1yaUWPdVBHSI

Malware Config

Extracted

Family

phemedrone

C2

https://rakishevkenes.com/wp-load.php

Targets

    • Target

      opendriversetup.exe


    • Phemedrone

      An information and wallet stealer written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks