General

  • Target

    7966834c1d2820f4662d2cf896f92b9e219d48f9a96963b5b3efa8be1a72c809

  • Size

    5.3MB

  • Sample

    240414-3e57qsbc8t

  • MD5

    fedee37af6c431a3207fe8d25c882a4e

  • SHA1

    ea7be9251e52d05120599033d73dd959d81c2310

  • SHA256

    7966834c1d2820f4662d2cf896f92b9e219d48f9a96963b5b3efa8be1a72c809

  • SHA512

    1d16785f913752b4621a71889f57059e8b9ac7eabc901effbb3baac3676cc3474ee4a9993d0a193beef745780175f9b1c04e159ef8febe23c25c417fef978e53

  • SSDEEP

    98304:+J1ezhQcSZcOb+sX1Zvbez14Z0FGRABTgtse6vzovkNu:+8hQcERCsXDjYZkJMU

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot6699343870:AAGOms3s--pO8LwD1p3vPosnjG5pMMzXG9w/sendDocument

Targets

    • Target

      7966834c1d2820f4662d2cf896f92b9e219d48f9a96963b5b3efa8be1a72c809

    • Size

      5.3MB

    • MD5

      fedee37af6c431a3207fe8d25c882a4e

    • SHA1

      ea7be9251e52d05120599033d73dd959d81c2310

    • SHA256

      7966834c1d2820f4662d2cf896f92b9e219d48f9a96963b5b3efa8be1a72c809

    • SHA512

      1d16785f913752b4621a71889f57059e8b9ac7eabc901effbb3baac3676cc3474ee4a9993d0a193beef745780175f9b1c04e159ef8febe23c25c417fef978e53

    • SSDEEP

      98304:+J1ezhQcSZcOb+sX1Zvbez14Z0FGRABTgtse6vzovkNu:+8hQcERCsXDjYZkJMU

    • Phemedrone

      An information and wallet stealer written in C#.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks