phemedrone | 2536fc6f1a41811f182aa3cd922e880835468ef10ef8bd50cc6a1c180c080696 | Triage

Sharing

General

Target

2536fc6f1a41811f182aa3cd922e880835468ef10ef8bd50cc6a1c180c080696
Size

4.1MB
Sample

240408-rhb8aaba52
MD5

66d470662b00625bdd142c6dbc43888a
SHA1

b26f70d765d664c9daf307bc89767e6ab8aa41d4
SHA256

2536fc6f1a41811f182aa3cd922e880835468ef10ef8bd50cc6a1c180c080696
SHA512

1c59784050f00b84693bbd9985761c605b20e38753da394eaf20b12a296e8a13a416b0949cd4d1de3f80859277b5bf15c260297ce93e42fd188764c9db966013
SSDEEP

49152:TmLt5d3214AmqYoh8yBUtYTL0VhgFhFO47t+l06ungLU:QfTFNgLsA7

Score

10^/10

phemedrone stealer

Malware Config

Extracted

Family

phemedrone

C2

10.5.0.2

Targets

- Target
  
  2536fc6f1a41811f182aa3cd922e880835468ef10ef8bd50cc6a1c180c080696
- Size
  
  4.1MB
- MD5
  
  66d470662b00625bdd142c6dbc43888a
- SHA1
  
  b26f70d765d664c9daf307bc89767e6ab8aa41d4
- SHA256
  
  2536fc6f1a41811f182aa3cd922e880835468ef10ef8bd50cc6a1c180c080696
- SHA512
  
  1c59784050f00b84693bbd9985761c605b20e38753da394eaf20b12a296e8a13a416b0949cd4d1de3f80859277b5bf15c260297ce93e42fd188764c9db966013
- SSDEEP
  
  49152:TmLt5d3214AmqYoh8yBUtYTL0VhgFhFO47t+l06ungLU:QfTFNgLsA7
Score

10^/10

phemedrone stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phemedronestealer

behavioral2

phemedronestealer