General

  • Target

    66d470662b00625bdd142c6dbc43888a.bin

  • Size

    1.8MB

  • Sample

    240410-brhhnabe29

  • MD5

    b774afab47c981ec12cf302ac14aeed6

  • SHA1

    b6afaccd1d896ec35c3de5e973b36fec0ee74f7d

  • SHA256

    7b39c29a7e3fb382ff89603c182073ffafe094f9390f76f01427cae1fd401367

  • SHA512

    b6df5c6de4c10b9e6cd12a97d02f80f62804e5ee62fcb58a1c773b843a97943b8ec190fbcf62534795f707437d811104096ab7411bd9995840bbc2cec724a926

  • SSDEEP

    49152:EAPWHv/S6QI0vEsfF/D8MagHUl9RToguv097WLaZdWI:veSn88QX1Mguu7CSdb

Score
10/10

Malware Config

Extracted

Family

phemedrone

C2

10.5.0.2

Targets

    • Target

      2536fc6f1a41811f182aa3cd922e880835468ef10ef8bd50cc6a1c180c080696.exe

    • Size

      4.1MB

    • MD5

      66d470662b00625bdd142c6dbc43888a

    • SHA1

      b26f70d765d664c9daf307bc89767e6ab8aa41d4

    • SHA256

      2536fc6f1a41811f182aa3cd922e880835468ef10ef8bd50cc6a1c180c080696

    • SHA512

      1c59784050f00b84693bbd9985761c605b20e38753da394eaf20b12a296e8a13a416b0949cd4d1de3f80859277b5bf15c260297ce93e42fd188764c9db966013

    • SSDEEP

      49152:TmLt5d3214AmqYoh8yBUtYTL0VhgFhFO47t+l06ungLU:QfTFNgLsA7

    Score
    10/10
    • Phemedrone

      An information and wallet stealer written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 1

Tasks