phemedrone

Sharing

Copy URL

Twitter E-mail

General

Target

PhemedroneStealer V2.1.2.zip
Size

4.4MB
Sample

240517-t1jfesge74
MD5

8b1f78cf9a1600b2a254d3ccad222855
SHA1

3f51aeee6001120881aaa10e3e7aaee7cc248b5c
SHA256

eaea60d86d378692e8630a5c575889f4f56de42200f034c761fe451d94c6d60d
SHA512

9c160302384b479bfa761bcf24c9c59310db6cd729c329f3415f7208f4a31d4b6d4980a6b3f169938897062c6b12d2356bd8705b25cee66155135da8d0be4135
SSDEEP

98304:/m6H5ifeBZc98UG5cND9G5w4HKwmVA6VCHeLMyDKYpKSm6HwKtUUMV71hwKvvIbz:Fofe7cKUJND9GnqwmVA6VC+4y5LQBDI/

Score

10^/10

Malware Config

Extracted

Family

phemedrone

127.0.0.1:1337

Targets

- Target
  
  SRC/Phemedrone-Stealer/obj/Release/system.exe
- Size
  
  91KB
- MD5
  
  15a810be0d5c598c59ddb621d308a5c9
- SHA1
  
  f1b30abb12046f6734db19e173799d16ef554e3a
- SHA256
  
  1321de928a9b619fe8f641ca4e3bd1b1c6d3a7448b1d6d0acceab24cf80bbc00
- SHA512
  
  b618c3476a6f2cbedd583da9ede17bd7a4d98128411ac6de702e1aeca96e25358f267616d7a07f45ee7b76acdc7529c6e949a9234d5df4539621d312694e9d8f
- SSDEEP
  
  1536:Y/GjnCSHEVtMpewUtTirGy7+I5vkGHGIXwEKG1zXY:Y/GjnC8pBG65cCGgwEKG10
Score

10^/10

phemedrone spyware stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1
- Target
  
  SRC/Phemedrone.Panel/ComparableIpAddress.cs
- Size
  
  833B
- MD5
  
  b4b62c1ee9b8d4e55fb7bcc67ba1edd6
- SHA1
  
  af7dc6b71bff14d5fa9316d6652f131c898c5ec8
- SHA256
  
  af1a3aabeaf20d0f43fd41f19dc31c6da8a9edd090f57e55c5913b2acf002fce
- SHA512
  
  abbb32f858c1ecfa2876ccb39b0b8c7c23c54bc6f419ea6c31d1b4f915d364dc907b0a37913fc55b4943ee20e3c4320fa6e397624f4649ad923378557c36cb58
Score

3^/10

execution
behavioral2
- Target
  
  SRC/Phemedrone.Panel/ConsoleTable.cs
- Size
  
  15KB
- MD5
  
  0f58f4e7a6cdd45346e672e11b943379
- SHA1
  
  198d4caab50b254a864076fdf78aa0cf8ec8ecf9
- SHA256
  
  ac6851a436d5c2da34357948d7da7401ddfe28139f7f2efdb0c47783780baa7c
- SHA512
  
  6162c915e2d402bce54bb1743625babcfb5ed28efd0fc4ff816d305b6b4d32dd9510eab52bf66f07cb48bbb605d0605854a8fc056be43a68aaf790ade88efe08
- SSDEEP
  
  384:O0OzKY39pRir0aVcZFblT1GtuFjTsHalz2:f0aVcZFb1AtSjualy
Score

3^/10

execution
behavioral3
- Target
  
  SRC/Phemedrone.Panel/DatabaseWorker.cs
- Size
  
  2KB
- MD5
  
  0e0a47041f10985f45e10f5aa7e177d5
- SHA1
  
  e5c2dd12ee1e81c556a1a8609253e94bb4c79bdb
- SHA256
  
  7539dca40454008cf2a4ef7b759b8973ebfa027b63580542847b73ecaa96a233
- SHA512
  
  ea5347113f1d70e6745e9279c212e8806d7f7e3abc02bc712bf6839738bb669af1b46195505ac461b5caa52d25849a1b66f90961aa2069b10d7c41d84efb589f
Score

3^/10

execution
behavioral4
- Target
  
  SRC/Phemedrone.Panel/Program.cs
- Size
  
  3KB
- MD5
  
  09a9ba3e3cc5ec8b7ee4bfb6cdb37856
- SHA1
  
  432c854061c19f46a6a5d3238a124be6fbe4cb7c
- SHA256
  
  c197e3373aa76f50260fb556482c7f9b3ddaf1aee066784fbd8e2762674f1126
- SHA512
  
  981be0b663aaf0fbcd965298c51a5f836bffe091cefeb30168eefe6864d6c0ad73ef3db8588e000fd41344d15e41145769ae2b39af259ee4e1a1d56a66e6abca
Score

3^/10

execution
behavioral5
- Target
  
  SRC/Phemedrone.Panel/TcpServer.cs
- Size
  
  2KB
- MD5
  
  e338ae3d43bf11e19c4385c377658f76
- SHA1
  
  ac1bb00c838f71abbb26e7c606d0c0b963f8547f
- SHA256
  
  ddf8e68cefc53cd5f9e128d8d230d428f646ee9e6dbe9480baf7d2a94e59ce72
- SHA512
  
  d41c2f3bfde31d1f123383d5c40699e841a89348949a33cc402951fe85421b7af5d47b36c8878c586c7b559ac4b6b41abb1dcd2ba94a7b44f5284eba11347060
Score

3^/10

execution
behavioral6
- Target
  
  SRC/Phemedrone.Panel/obj/Debug/net7.0/Phemedrone.Panel.dll
- Size
  
  31KB
- MD5
  
  55a0c6b4690ba8fae321d2b1c8939141
- SHA1
  
  f210cad92ffeccd68ab2e02b7d1ce9c12e2194ee
- SHA256
  
  2092b040b58a6f18784c3f141e24a8203cdae241c52322b08818531a9f0952cc
- SHA512
  
  01f25519012d2bf97a7290949e161b7daded77d6e4bf9e046c51df43aaf6b33aab2fc659e611cbcaa44a5ce0312fd398603b2dd3803fc4d39fd232ce1ff5578e
- SSDEEP
  
  768:+5mBvLDW+km1UgPZqXwFXju+e3LoTUTHe:5HRkwxEyXjuvLCUT+
Score

1^/10
behavioral7
- Target
  
  SRC/Phemedrone.Panel/obj/Debug/net7.0/apphost.exe
- Size
  
  154KB
- MD5
  
  6de535fa3063701a30a7aab0bf155efc
- SHA1
  
  e7c3967126851438e90b2edc4be737f1cd81d65b
- SHA256
  
  0a4420edb3c8446549b5c0c7a91ec69f2afc7d150fcaf5271d2c842d2fa58542
- SHA512
  
  80da269d860154d41cca873e4a73ef49009d6394a275052316ee596bf66bbab2745b337d885fea806c845cfca6818a26463cc86148d6ace52eb80f90630a34d3
- SSDEEP
  
  3072:SGCVxf7JX53dRZfeUlU8TkiIhm6gypSevM77WK1iWca3x:SVVTR1euN6pSeveWKIza3
Score

1^/10
behavioral8
- Target
  
  SRC/Phemedrone.Panel/obj/Debug/net7.0/ref/Phemedrone.Panel.dll
- Size
  
  10KB
- MD5
  
  888b78a5ba96d365c176c4e912458fb0
- SHA1
  
  f329c8f6c5997d0ba3b75c7a992f45569713b639
- SHA256
  
  f2e887cfd36befcba06523dedc18ce0d7241531e8372fc315c388953763f52dd
- SHA512
  
  2e7760304fb2cc064d36a36edc9c524e717f0cc2c9cdaae97aee539b2c5990dc6055b7e1b089d0cf287cc1c6355c951e4a84b56492d2d51ea5a278e9eddc2ce6
- SSDEEP
  
  96:SfMnXBVhXdf49MucunxXuYH1KBe7fJKqNUFf+oUR3GRfOTeX2cuwuGuWwTomwtzj:82x5OrcunpEMJHI+t1GRGTe8FbWXH
Score

1^/10
behavioral9
- Target
  
  SRC/Phemedrone.Panel/obj/Debug/net7.0/refint/Phemedrone.Panel.dll
- Size
  
  10KB
- MD5
  
  888b78a5ba96d365c176c4e912458fb0
- SHA1
  
  f329c8f6c5997d0ba3b75c7a992f45569713b639
- SHA256
  
  f2e887cfd36befcba06523dedc18ce0d7241531e8372fc315c388953763f52dd
- SHA512
  
  2e7760304fb2cc064d36a36edc9c524e717f0cc2c9cdaae97aee539b2c5990dc6055b7e1b089d0cf287cc1c6355c951e4a84b56492d2d51ea5a278e9eddc2ce6
- SSDEEP
  
  96:SfMnXBVhXdf49MucunxXuYH1KBe7fJKqNUFf+oUR3GRfOTeX2cuwuGuWwTomwtzj:82x5OrcunpEMJHI+t1GRGTe8FbWXH
Score

1^/10
behavioral10
- Target
  
  SRC/Phemedrone.Panel/obj/Release/net7.0/Phemedrone.Panel.dll
- Size
  
  29KB
- MD5
  
  0f3443e726aca887ad5d6601b669ecf4
- SHA1
  
  bf69a0cdb70991854856a5dc9b951cb009beaa2c
- SHA256
  
  55e10e7c6804263ebb26ac87796770b588caef2bf41955daf13225d478b001a4
- SHA512
  
  171cf3e49ad87fbde1209f9bdc9f00e87ef1b34af554d3d2172f27289ac7be80b453cc8d48d665869c5d4d5fd31059222aab5384676fda648bce05ec047809c3
- SSDEEP
  
  384:pwwGA1gqw3jTYiOuD22P/CliZXyzo/HsKS+dNJEr/yrTcQc90wUp:pWAWO822XCwEqM+e/yrTx+Up
Score

1^/10
behavioral11
- Target
  
  SRC/Phemedrone.Panel/obj/Release/net7.0/apphost.exe
- Size
  
  154KB
- MD5
  
  510f5cbf20100283d9aa992f3c9d626d
- SHA1
  
  382db89d967c6d429e89a7a1c55e114fa5bfdb55
- SHA256
  
  4ffb422a99308c672aecf5be26c1eeb5a9d48d566937b274e86875c713523cd6
- SHA512
  
  af53a820a0fad9d397aa16370a9c772254820fcb031743ca022c5429c57e59ca060d0f322c9451a60eb5511be50468e04abe3460ebc8a19917a7c15f35deb9aa
- SSDEEP
  
  3072:aGCVxf7JX53dRZfeUlU8TkiIhm6gypSevM77WK1iWca31:aVVTR1euN6pSeveWKIza3
Score

1^/10
behavioral12
- Target
  
  SRC/Phemedrone.Panel/obj/Release/net7.0/ref/Phemedrone.Panel.dll
- Size
  
  10KB
- MD5
  
  873f0714b649425a377634609853497b
- SHA1
  
  7267b74810f587becc3fbe9630640ac85b05dcdc
- SHA256
  
  f52b37f28b71f17969d74a3fb52fefee87556642916a9f3e40ebe46dff5a4181
- SHA512
  
  30712327b9c4ef56fe9f3039b9476989871378b57af798a4a813cb52b32a8471270d2d3e8609d6629d4734e6e0e8a1ef925fc968fd9e0b8551832ddb2a709d81
- SSDEEP
  
  192:cfdT5BbRRRRRRRRRRRRUPYvrQTE3J1xwt1GY64a8FbZtLb:ELqPYvMoJ181GY64dp
Score

1^/10
behavioral13
- Target
  
  SRC/Phemedrone.Panel/obj/Release/net7.0/refint/Phemedrone.Panel.dll
- Size
  
  10KB
- MD5
  
  873f0714b649425a377634609853497b
- SHA1
  
  7267b74810f587becc3fbe9630640ac85b05dcdc
- SHA256
  
  f52b37f28b71f17969d74a3fb52fefee87556642916a9f3e40ebe46dff5a4181
- SHA512
  
  30712327b9c4ef56fe9f3039b9476989871378b57af798a4a813cb52b32a8471270d2d3e8609d6629d4734e6e0e8a1ef925fc968fd9e0b8551832ddb2a709d81
- SSDEEP
  
  192:cfdT5BbRRRRRRRRRRRRUPYvrQTE3J1xwt1GY64a8FbZtLb:ELqPYvMoJ181GY64dp
Score

1^/10
behavioral14
- Target
  
  SRC/Phemedrone.Tools/Builder/ConstantChanger.cs
- Size
  
  6KB
- MD5
  
  0b3d40152059e7c7e6b5619274875121
- SHA1
  
  d15bfc0332d89b090e3e943d9aaeb3299ba42d72
- SHA256
  
  60dd70a6e4b08a49eb2263a79265074ebbe3c4dcfb7cfb98a2100eecedf81fac
- SHA512
  
  25ce6fa39bbd6ae9251f496f6b8c5c430ffb68c0fe1d0cc230a7e6b028dca40bcb998d478e8b738aca27c359b485e3cbfc98a636b87a84eca0e6ca9fcc0061b6
- SSDEEP
  
  96:Co4+4h2Igt2CFfvTVDh8FTFOFnn5VFFN4yZ:YpUJ5JvTWxo5bFN4yZ
Score

3^/10

execution
behavioral15
- Target
  
  SRC/Phemedrone.Tools/Builder/Injection.cs
- Size
  
  9KB
- MD5
  
  d419d309ad997c99b2cb99d91b86b17a
- SHA1
  
  04dc9bda1c4cbbb3911a9cead217ec5e702f5e1b
- SHA256
  
  174e4790f88c829f9a45418ac506596a32536316ce3c1a3e24f3737ef857ac7e
- SHA512
  
  9b3416675cf3da7b6b604579418f72ef00f2e2c6f0c0e621f8ce3117007bd8f9054e7b6e977224e0497bd18f17d20d186439fdc956d628fe4a435ef5c5d4ac61
- SSDEEP
  
  192:YUyrrf7FfHM3q8R5t4a9GmFTKZFsMlvooqSqvX:Yzrj7FfHM3q8R5ea9dkZFsMlA
Score

3^/10

execution
behavioral16
- Target
  
  SRC/Phemedrone.Tools/Builder/Phase.cs
- Size
  
  5KB
- MD5
  
  4e10ae7c869028119fc790b192d0790e
- SHA1
  
  bf2508be646cab1f717e77271d70b6b4c9312a00
- SHA256
  
  a8dc7010ef15d7ef0b6433404f20269d77cba8bb567e438b01e5bb98cd8e9ee5
- SHA512
  
  fca5058badbfdd93e0a1a3619ec42fab1a66a484de2135640cc671a4aa7e4a80e7c53258561999af636bfc06750064295b4a1046cd553fd2d91281fa48a12a40
- SSDEEP
  
  96:Co4hU2nGAQMxsr7VGOhjLUeGaZZnhMxt46/hVXgisY:YbLQ1RJyQTJ6ZRgQ
Score

3^/10

execution
behavioral17
- Target
  
  SRC/Phemedrone.Tools/Builder/RandomValues.cs
- Size
  
  1KB
- MD5
  
  5976a821edf3629804f8a4f95879e438
- SHA1
  
  0382f903529ac640e6a5e3d412698609330cd89a
- SHA256
  
  02e42dc3067cdfee6d7e981816d5f73a4a16c991f2c3fc353f31ff064fa82f34
- SHA512
  
  3942050767a3e943e6b2cef4d8a738d53315450a662a6f27a7705b81281fe9fae4d70b4a815c3ec7c9b8244bbfec1ff953eb9ff9ffca78995023d182b4c8bb29
Score

3^/10

execution
behavioral18
- Target
  
  SRC/Phemedrone.Tools/Builder/Renamer.cs
- Size
  
  2KB
- MD5
  
  57d8e67126462db9302048abed83aa49
- SHA1
  
  d9ca03c8238dc675060729b36be44c952c345637
- SHA256
  
  3542cf658e586f74a43b63dca5bf4e3c4e347dd81257bbe6109a5ad2c07e7b1b
- SHA512
  
  94ffc3c5b4ba5a9ca28f2a14727693704ffdf320ed270118709320304c1bd8da46c23c0b773eaa964c366387a77d84f25f1ca713279095335bc1cceb98e9f63c
Score

3^/10

execution
behavioral19
- Target
  
  SRC/Phemedrone.Tools/Builder/StringObfuscation.cs
- Size
  
  3KB
- MD5
  
  866f67aa45dbff6513a303d9716b5679
- SHA1
  
  57ebc422e3bf387fbeaf58897988c3c213a1b2da
- SHA256
  
  26c2d1ea03409654453bf60307b66a33028ff34d2e3b12ce10357845d03c619b
- SHA512
  
  f86ea6e83dc2bc88472afbc06eb5e79b6d271c677581588ed5baa38b6f9040ae81b032265adb03c6bc0ac96e1a3579b8ccdc53ae667b5f684a763b8876266277
Score

3^/10

execution
behavioral20
- Target
  
  SRC/Phemedrone.Tools/Interface/ArraySelection.cs
- Size
  
  4KB
- MD5
  
  8628f3bb23f1cf81856152e0cdd81c3c
- SHA1
  
  440d01273348d9d60eb42b0832fa2f446beeae09
- SHA256
  
  94c0bb2b08e8fd5a9c6448a0ebcc6ae05c51df2c6b6d8215d70e765cfc2a7bdc
- SHA512
  
  9fe46ebd8e39a684df62bbdf4225205d5db668226ed3899fd7485d6b49fd50be3fcdf6c8f73dc6b14e0ad6eaa336b32dd792effad5f3494b309040f2f852c6b5
- SSDEEP
  
  48:Co4+25MnZTQWrKvPk5bK/41HgZFCWiXQkGLuG2AD16Gv1Xs1F0T2EK8kq8Fz7Vkn:Co4+2eTViFC7G2AD8Gvhs3qwFvfw
Score

3^/10

execution
behavioral21
- Target
  
  SRC/Phemedrone.Tools/Interface/BooleanSelection.cs
- Size
  
  2KB
- MD5
  
  613a55e055b52df081ea4f2ceb17e1f6
- SHA1
  
  3520cc31b2fb77bcb3521de926fbcba79bf6e3b3
- SHA256
  
  f1f2c01b118caf4d2cd94ca131486b728479487f70c3f2dffe5bc42d55e87582
- SHA512
  
  0a1da00c92e0f5051fd1045142d0952abeb400f07fa67df8ed09796328fefe3b6ba77962f43c7085ca68a09ef340fa8fb34cdcaafa28a8c0238a066d039517dd
Score

3^/10

execution
behavioral22
- Target
  
  SRC/Phemedrone.Tools/Interface/IWindow.cs
- Size
  
  2KB
- MD5
  
  7107aa13def64862c28a3384d1ee845f
- SHA1
  
  daadc8befeb3294a7e659034623aaa0ec0fd1ec6
- SHA256
  
  a58d85933119914dc7cc2c2cddb1ee00bd40deb0c38e31cc4ee47e1eab26df6e
- SHA512
  
  5ce47590bba25a3a84220151cfa3bcdc055c755de32b6f66ee9efcf1c1e1f787f953bc31b93dd58c77fa59b03ef5838e873bbcef5906a72300ab186122275987
Score

3^/10

execution
behavioral23
- Target
  
  SRC/Phemedrone.Tools/Interface/InputSelection.cs
- Size
  
  4KB
- MD5
  
  27cbbefd1074a6bf9a253004f66a3cea
- SHA1
  
  2e5be95d6a522ccc876e5f8137961305e0aa1cbf
- SHA256
  
  ae4e53ff5af1cdb98a90610f4d6f95f320c83ce93d4a8443ff54e105d10a228d
- SHA512
  
  adc2e0a55cc39298cb7620e40b3cbf1c4f11a5b92d93dd330be5f29efe3c38f6847604e253a0c2dcc6cd0060ab25a942e2331e093deab0ae2c28e9bae4ad9d95
- SSDEEP
  
  96:Co4hVy+KTDT0cxoHMI5agoGWQD8O+a/mDjrD:Y+ihHMITJMR3
Score

3^/10

execution
behavioral24
- Target
  
  SRC/Phemedrone.Tools/Interface/OptionSelection.cs
- Size
  
  2KB
- MD5
  
  c5bbb503d6222fcc7cd763f7e438d565
- SHA1
  
  c9c59aced2c1508a3eccc3be9b405f2032a51bd7
- SHA256
  
  7597d1611c0771a0b549dee48ce0757a629cec416ddaca7faa231007bcc22a18
- SHA512
  
  5307169add9b325b6a72fb606ac4fa0e9803ed193a02f6c8e5e94384c02c0bbebf49a4adfed3b3a398cc48e747537487a2ac1d8fe05e9e7a22141a41b2424659
Score

3^/10

execution
behavioral25
- Target
  
  SRC/Phemedrone.Tools/LogDecryption/Phase.cs
- Size
  
  5KB
- MD5
  
  9ee0f0b4e562ebcee9967a8efb2f74c7
- SHA1
  
  c740d59cd7a87885ab8f204e5c6dfa9331ef62b0
- SHA256
  
  be5451bb5407eb0c24c34de175e637e89ec039156662f63e168f452adb5b7464
- SHA512
  
  c6a7b3746514317f1c652fdbafeedfaec2ace3c3d8465b2d60978948622d80a8dd1ac9caffb0fcec238de459180b82f09ade48430e64656341c5c656714d7ff3
- SSDEEP
  
  96:Co4hU2ncr6sDcEgqbWiYMDHHEeoslq4M8E6OoMxpHsW5c:Yb46sDXZCjMDE9sk4M3ZFHsQc
Score

3^/10

execution
behavioral26
- Target
  
  SRC/Phemedrone.Tools/Program.cs
- Size
  
  1KB
- MD5
  
  f6cbe06c9376f2a8482d6961a927d284
- SHA1
  
  0ad83fc174d2b20f7d541eca1ce4d2ec4162e076
- SHA256
  
  5544bb84e8750cab02b205b4df2731b7d3600cfde0cf42a0f5ffa4fd81f90f49
- SHA512
  
  ded671e06015f0a91942fbbbb4b9da0555cd78c744716558309f200aa6a83c15e981c1c085bbb68ef26e228e6fd9a11677318ecc137e98c58a6f22496f0893a3
Score

3^/10

execution
behavioral27
- Target
  
  SRC/Phemedrone.Tools/RsaClass.cs
- Size
  
  3KB
- MD5
  
  e0424dd8f4f8365a512aa396081b5b7e
- SHA1
  
  1e7623233f0a2d92a3442e8213ea0eeb84d4005c
- SHA256
  
  4abd9b52b48d481f90d3244ea5e50408f216de02131fdb4ac3b2a9d43a0ac6e8
- SHA512
  
  9a911734daf2da82b1b1c025af8e7983789fd873482b4422950f4992019305684e4ac0e9848f7d65d473bf80c7b4ecd67487635bc0696e1f3f80402cd1301404
Score

3^/10

execution
behavioral28
- Target
  
  SRC/Phemedrone.Tools/Xor/Decryption.cs
- Size
  
  683B
- MD5
  
  3c9fb2ae12ed50fe6a0ae9de782533cf
- SHA1
  
  dc46534e88e6aa718ef08daee39be96c011c3a0c
- SHA256
  
  f78c2264a54fe91f1ae163551a568c66765d807c01dc84cf781d2a43e0684914
- SHA512
  
  049789e332d32e8d6ea09a043beaafc89f163ca0cf35c05e9ea1886e41fb9c21b954f46434633abebbd249a345a9da39095b97b3004e74bae93461c80d9fb140
Score

3^/10

execution
behavioral29
- Target
  
  SRC/Phemedrone.Tools/Xor/Encryption.cs
- Size
  
  612B
- MD5
  
  d7af22e371a0f5bd593aa12f6fc34843
- SHA1
  
  180a3eac2ae9a9b2dbbea2c8fd6515999ee89712
- SHA256
  
  08113a6b7e8f5dee6f9cb15816439266d17aa6b7837d7ebe434d3203a3adac1f
- SHA512
  
  bc9539528a571738fa58598db3ae1b847f09c11f8def8cf42971516ae58568c2b4f48a45bbe372c62841c1bdc18d243524671f6df9b7d03609dfdd14ef4cdf27
Score

3^/10

execution
behavioral30
- Target
  
  SRC/Phemedrone.Tools/obj/Debug/Phemedrone.Tools.exe
- Size
  
  49KB
- MD5
  
  44eba6c5f5c583d8f3442be1e1b55deb
- SHA1
  
  7bb51485aab16884aa3df27caf8ef0d127dafa07
- SHA256
  
  db96dc2c790a7a579c04fca29caf67feaf40fceedef22de63db8f7f5cca0720c
- SHA512
  
  80670e99809dc96f7cebb15c6a467ae5c06340b1057e6b1c30b4823fc61086ca0ef5e0a42e39431df2872bc554fc7fd39c356a5c9c56f79134733c9706f1a8fc
- SSDEEP
  
  768:+KVKiuesDaf0pbPWdhO4GIVJ7njyRSV26r48nV88ke5FiJw+B:RYDaf0pfGJ7WRSCoZkQYh
Score

1^/10
behavioral31
- Target
  
  SRC/Phemedrone.Tools/obj/Release/Phemedrone.Tools.exe
- Size
  
  47KB
- MD5
  
  dc21f90545102e911129770ef224c79c
- SHA1
  
  4686c765a384e8be7d7fe27477045f417723ba2d
- SHA256
  
  7803e6d0145ade0c0c58cadeeb142b8dd63f9cfb345aaf8e9a3c0fc56fae0ab2
- SHA512
  
  2bc615c33af027670b88edeb0dce5701b086654865a6885b41f91799ae970a57c9b54a2805f0dceed485853147d0773a198d4d6ac327dcbc7db0771ff800e105
- SSDEEP
  
  768:9RTkUhuQLTwfwSCP61kSO+LR8YbpvdvHB4DYHxNIg6r488V82k698mn+N:vTlhuQLTwfw9Pak7+vpZGYHnlhNkM8mk
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32