phemedrone | 8d51e3c700ad933f066e40114dc6715f[.]bin | Triage

Sharing

General

Target

8d51e3c700ad933f066e40114dc6715f.bin
Size

38KB
MD5

78225c128fea8cc0dc22547f34265585
SHA1

c7668888536305468eac610965e5ca293afbdb8b
SHA256

a0483281b26448724e3f045b41547a7dc45a8bb1686bc749b1f5221e65a4fd9d
SHA512

7517babd337a5333b8ad97a11495e4d7fdefc0bb0a884e33efd9d543428fc5c83e95116e5cb8637107b3bc1a171b12eb76e9162e46127a3c971f144267ea7043
SSDEEP

768:n5h9yDVE1cdO1ZJvlHcTVQZR09YRp9GiVjM3Etn+MLDDjcOVaJf0ZcJ:5hcUZllHcuZR0+RvJM3dMLYbJf0ZcJ

Score

10^/10

phemedrone

Malware Config

Extracted

Family

phemedrone

C2

https://kenesrakishev.net/wp-admin/admin-ajax.php

Signatures

Phemedrone family
phemedrone

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a4872844199c61e4e2090777825b26d876cb8876db6272f4b420e0c56e238fb1.exe

Files

8d51e3c700ad933f066e40114dc6715f.bin
.zip

Password: infected
a4872844199c61e4e2090777825b26d876cb8876db6272f4b420e0c56e238fb1.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ