General
-
Target
a48ed05b6c117fd2ecf7c9bbf17ae3253e6aab133cdd4a06da54298635a136a5.exe
-
Size
89KB
-
Sample
240423-b22dhsbb9y
-
MD5
421c40695b1537b040830d13b7b860d8
-
SHA1
a63377c184c808116f7c192cd7c5f4dd763a77d3
-
SHA256
a48ed05b6c117fd2ecf7c9bbf17ae3253e6aab133cdd4a06da54298635a136a5
-
SHA512
27564661871e700fea1ef7e2d28e739e32a0c580323fbb42c5139a64b68afffae7ac9445eb7d304502b22bacb64c611a05392a19a59a4b30ddd4bad1aa59e2f0
-
SSDEEP
1536:Uf4b9BKhaUxo6TRMinLvIbzV6A2SYzEdV4c7Raeiq:Uf4b9IJxZTLnL4aSY4dVD3D
Static task
static1
Behavioral task
behavioral1
Sample
a48ed05b6c117fd2ecf7c9bbf17ae3253e6aab133cdd4a06da54298635a136a5.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a48ed05b6c117fd2ecf7c9bbf17ae3253e6aab133cdd4a06da54298635a136a5.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
phemedrone
http://77.221.151.42/dashboard/gate.php
Targets
-
-
Target
a48ed05b6c117fd2ecf7c9bbf17ae3253e6aab133cdd4a06da54298635a136a5.exe
-
Size
89KB
-
MD5
421c40695b1537b040830d13b7b860d8
-
SHA1
a63377c184c808116f7c192cd7c5f4dd763a77d3
-
SHA256
a48ed05b6c117fd2ecf7c9bbf17ae3253e6aab133cdd4a06da54298635a136a5
-
SHA512
27564661871e700fea1ef7e2d28e739e32a0c580323fbb42c5139a64b68afffae7ac9445eb7d304502b22bacb64c611a05392a19a59a4b30ddd4bad1aa59e2f0
-
SSDEEP
1536:Uf4b9BKhaUxo6TRMinLvIbzV6A2SYzEdV4c7Raeiq:Uf4b9IJxZTLnL4aSY4dVD3D
Score10/10-
Detect binaries embedding considerable number of MFA browser extension IDs.
-
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
-
Detects executables packed with Dotfuscator
-
Detects executables packed with Goliath
-
Detects executables packed with dotNetProtector
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Downloads MZ/PE file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-