General
-
Target
7966834c1d2820f4662d2cf896f92b9e219d48f9a96963b5b3efa8be1a72c809
-
Size
5.3MB
-
Sample
240414-3e57qsbc8t
-
MD5
fedee37af6c431a3207fe8d25c882a4e
-
SHA1
ea7be9251e52d05120599033d73dd959d81c2310
-
SHA256
7966834c1d2820f4662d2cf896f92b9e219d48f9a96963b5b3efa8be1a72c809
-
SHA512
1d16785f913752b4621a71889f57059e8b9ac7eabc901effbb3baac3676cc3474ee4a9993d0a193beef745780175f9b1c04e159ef8febe23c25c417fef978e53
-
SSDEEP
98304:+J1ezhQcSZcOb+sX1Zvbez14Z0FGRABTgtse6vzovkNu:+8hQcERCsXDjYZkJMU
Malware Config
Extracted
phemedrone
https://api.telegram.org/bot6699343870:AAGOms3s--pO8LwD1p3vPosnjG5pMMzXG9w/sendDocument
Targets
-
-
Target
7966834c1d2820f4662d2cf896f92b9e219d48f9a96963b5b3efa8be1a72c809
-
Size
5.3MB
-
MD5
fedee37af6c431a3207fe8d25c882a4e
-
SHA1
ea7be9251e52d05120599033d73dd959d81c2310
-
SHA256
7966834c1d2820f4662d2cf896f92b9e219d48f9a96963b5b3efa8be1a72c809
-
SHA512
1d16785f913752b4621a71889f57059e8b9ac7eabc901effbb3baac3676cc3474ee4a9993d0a193beef745780175f9b1c04e159ef8febe23c25c417fef978e53
-
SSDEEP
98304:+J1ezhQcSZcOb+sX1Zvbez14Z0FGRABTgtse6vzovkNu:+8hQcERCsXDjYZkJMU
Score10/10-
Phemedrone
An information and wallet stealer written in C#.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-