Analysis
-
max time kernel
155s -
max time network
186s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
23-04-2024 01:18
General
-
Target
457461a6ad3b12a397d8ab96da9355dcb9954576c6552f3f8dc2d7e80ac17a6c.exe
-
Size
97KB
-
MD5
ee6038d5c37842bc34a6e17fd8478339
-
SHA1
2259364fc16b0c344e35b8afc0182e79857917b6
-
SHA256
457461a6ad3b12a397d8ab96da9355dcb9954576c6552f3f8dc2d7e80ac17a6c
-
SHA512
e833440b4f3533020bf498511fb5d78b3d9cf21fb04d020a696b3714920869fb62b2f73272e99f224e317ff03f214581ba4bb2b53925d3d8225d672b3e493e67
-
SSDEEP
1536:n+G1e0GWGl4tS6Bh1pI//W/9/fnFP5psgnCyQqJSwEKMiV7LU:n+Gs0il4jI/uF3nt5OgnCyQrwEKlhA
Malware Config
Extracted
phemedrone
http://77.221.151.42/dashboard/gate.php
Signatures
-
Phemedrone
An information and wallet stealer written in C#.
-
Detect binaries embedding considerable number of MFA browser extension IDs. 1 IoCs
-
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs. 1 IoCs
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 26 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\457461a6ad3b12a397d8ab96da9355dcb9954576c6552f3f8dc2d7e80ac17a6c.exe"C:\Users\Admin\AppData\Local\Temp\457461a6ad3b12a397d8ab96da9355dcb9954576c6552f3f8dc2d7e80ac17a6c.exe"1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3700 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:81⤵
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7.7MB
-
Filesize
120KB
-
Filesize
7.7MB
-
Filesize
64KB
-
Filesize
584KB
-
Filesize
408KB
-
Filesize
64KB
-
Filesize
7.7MB