General
-
Target
a48ed05b6c117fd2ecf7c9bbf17ae3253e6aab133cdd4a06da54298635a136a5
-
Size
89KB
-
Sample
240421-p2kmnabg89
-
MD5
421c40695b1537b040830d13b7b860d8
-
SHA1
a63377c184c808116f7c192cd7c5f4dd763a77d3
-
SHA256
a48ed05b6c117fd2ecf7c9bbf17ae3253e6aab133cdd4a06da54298635a136a5
-
SHA512
27564661871e700fea1ef7e2d28e739e32a0c580323fbb42c5139a64b68afffae7ac9445eb7d304502b22bacb64c611a05392a19a59a4b30ddd4bad1aa59e2f0
-
SSDEEP
1536:Uf4b9BKhaUxo6TRMinLvIbzV6A2SYzEdV4c7Raeiq:Uf4b9IJxZTLnL4aSY4dVD3D
Malware Config
Extracted
phemedrone
http://77.221.151.42/dashboard/gate.php
Targets
-
-
Target
a48ed05b6c117fd2ecf7c9bbf17ae3253e6aab133cdd4a06da54298635a136a5
-
Size
89KB
-
MD5
421c40695b1537b040830d13b7b860d8
-
SHA1
a63377c184c808116f7c192cd7c5f4dd763a77d3
-
SHA256
a48ed05b6c117fd2ecf7c9bbf17ae3253e6aab133cdd4a06da54298635a136a5
-
SHA512
27564661871e700fea1ef7e2d28e739e32a0c580323fbb42c5139a64b68afffae7ac9445eb7d304502b22bacb64c611a05392a19a59a4b30ddd4bad1aa59e2f0
-
SSDEEP
1536:Uf4b9BKhaUxo6TRMinLvIbzV6A2SYzEdV4c7Raeiq:Uf4b9IJxZTLnL4aSY4dVD3D
Score10/10-
Phemedrone
An information and wallet stealer written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Downloads MZ/PE file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-