phemedrone | 7b39c29a7e3fb382ff89603c182073ffafe094f9390f76f01427cae1fd401367 | Triage

Sharing

General

Target

66d470662b00625bdd142c6dbc43888a.bin
Size

1.8MB
Sample

240410-brhhnabe29
MD5

b774afab47c981ec12cf302ac14aeed6
SHA1

b6afaccd1d896ec35c3de5e973b36fec0ee74f7d
SHA256

7b39c29a7e3fb382ff89603c182073ffafe094f9390f76f01427cae1fd401367
SHA512

b6df5c6de4c10b9e6cd12a97d02f80f62804e5ee62fcb58a1c773b843a97943b8ec190fbcf62534795f707437d811104096ab7411bd9995840bbc2cec724a926
SSDEEP

49152:EAPWHv/S6QI0vEsfF/D8MagHUl9RToguv097WLaZdWI:veSn88QX1Mguu7CSdb

Score

10^/10

phemedrone stealer

Malware Config

Extracted

Family

phemedrone

C2

10.5.0.2

Targets

- Target
  
  2536fc6f1a41811f182aa3cd922e880835468ef10ef8bd50cc6a1c180c080696.exe
- Size
  
  4.1MB
- MD5
  
  66d470662b00625bdd142c6dbc43888a
- SHA1
  
  b26f70d765d664c9daf307bc89767e6ab8aa41d4
- SHA256
  
  2536fc6f1a41811f182aa3cd922e880835468ef10ef8bd50cc6a1c180c080696
- SHA512
  
  1c59784050f00b84693bbd9985761c605b20e38753da394eaf20b12a296e8a13a416b0949cd4d1de3f80859277b5bf15c260297ce93e42fd188764c9db966013
- SSDEEP
  
  49152:TmLt5d3214AmqYoh8yBUtYTL0VhgFhFO47t+l06ungLU:QfTFNgLsA7
Score

10^/10

phemedrone stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phemedronestealer

behavioral2

phemedronestealer