eaea60d86d378692e8630a5c575889f4f56de42200f034c761fe451d94c6d60d

Submit
Reports

Overview

overview

Static

static

SRC/Phemed...em.exe

windows10-2004-x64

SRC/Phemed...ess.js

windows10-2004-x64

SRC/Phemed...ble.js

windows10-2004-x64

SRC/Phemed...ker.js

windows10-2004-x64

SRC/Phemed...ram.js

windows10-2004-x64

SRC/Phemed...ver.js

windows10-2004-x64

SRC/Phemed...el.exe

windows10-2004-x64

SRC/Phemed...st.exe

windows10-2004-x64

SRC/Phemed...el.exe

windows10-2004-x64

SRC/Phemed...el.exe

windows10-2004-x64

SRC/Phemed...el.exe

windows10-2004-x64

SRC/Phemed...st.exe

windows10-2004-x64

SRC/Phemed...el.exe

windows10-2004-x64

SRC/Phemed...el.exe

windows10-2004-x64

SRC/Phemed...ger.js

windows10-2004-x64

SRC/Phemed...ion.js

windows10-2004-x64

SRC/Phemed...ase.js

windows10-2004-x64

SRC/Phemed...ues.js

windows10-2004-x64

SRC/Phemed...mer.js

windows10-2004-x64

SRC/Phemed...ion.js

windows10-2004-x64

SRC/Phemed...ion.js

windows10-2004-x64

SRC/Phemed...ion.js

windows10-2004-x64

SRC/Phemed...dow.js

windows10-2004-x64

SRC/Phemed...ion.js

windows10-2004-x64

SRC/Phemed...ion.js

windows10-2004-x64

SRC/Phemed...ase.js

windows10-2004-x64

SRC/Phemed...ram.js

windows10-2004-x64

SRC/Phemed...ass.js

windows10-2004-x64

SRC/Phemed...ion.js

windows10-2004-x64

SRC/Phemed...ion.js

windows10-2004-x64

SRC/Phemed...ls.exe

windows10-2004-x64

SRC/Phemed...ls.exe

windows10-2004-x64

Analysis

max time kernel
143s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 16:31

Sharing

Copy URL

Twitter E-mail

Static task

static1

phemedrone

2 signatures

Behavioral task

behavioral1

Sample

SRC/Phemedrone-Stealer/obj/Release/system.exe

Resource

win10v2004-20240426-en

phemedrone spyware stealer

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

SRC/Phemedrone.Panel/ComparableIpAddress.js

Resource

win10v2004-20240508-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral3

Sample

SRC/Phemedrone.Panel/ConsoleTable.js

Resource

win10v2004-20240508-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral4

Sample

SRC/Phemedrone.Panel/DatabaseWorker.js

Resource

win10v2004-20240508-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral5

Sample

SRC/Phemedrone.Panel/Program.js

Resource

win10v2004-20240508-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral6

Sample

SRC/Phemedrone.Panel/TcpServer.js

Resource

win10v2004-20240508-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral7

Sample

SRC/Phemedrone.Panel/obj/Debug/net7.0/Phemedrone.Panel.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

SRC/Phemedrone.Panel/obj/Debug/net7.0/apphost.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

SRC/Phemedrone.Panel/obj/Debug/net7.0/ref/Phemedrone.Panel.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

SRC/Phemedrone.Panel/obj/Debug/net7.0/refint/Phemedrone.Panel.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

SRC/Phemedrone.Panel/obj/Release/net7.0/Phemedrone.Panel.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

SRC/Phemedrone.Panel/obj/Release/net7.0/apphost.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

SRC/Phemedrone.Panel/obj/Release/net7.0/ref/Phemedrone.Panel.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

SRC/Phemedrone.Panel/obj/Release/net7.0/refint/Phemedrone.Panel.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

SRC/Phemedrone.Tools/Builder/ConstantChanger.js

Resource

win10v2004-20240426-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral16

Sample

SRC/Phemedrone.Tools/Builder/Injection.js

Resource

win10v2004-20240508-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral17

Sample

SRC/Phemedrone.Tools/Builder/Phase.js

Resource

win10v2004-20240508-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral18

Sample

SRC/Phemedrone.Tools/Builder/RandomValues.js

Resource

win10v2004-20240426-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral19

Sample

SRC/Phemedrone.Tools/Builder/Renamer.js

Resource

win10v2004-20240426-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral20

Sample

SRC/Phemedrone.Tools/Builder/StringObfuscation.js

Resource

win10v2004-20240508-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral21

Sample

SRC/Phemedrone.Tools/Interface/ArraySelection.js

Resource

win10v2004-20240426-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral22

Sample

SRC/Phemedrone.Tools/Interface/BooleanSelection.js

Resource

win10v2004-20240426-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral23

Sample

SRC/Phemedrone.Tools/Interface/IWindow.js

Resource

win10v2004-20240508-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral24

Sample

SRC/Phemedrone.Tools/Interface/InputSelection.js

Resource

win10v2004-20240508-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral25

Sample

SRC/Phemedrone.Tools/Interface/OptionSelection.js

Resource

win10v2004-20240508-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral26

Sample

SRC/Phemedrone.Tools/LogDecryption/Phase.js

Resource

win10v2004-20240508-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral27

Sample

SRC/Phemedrone.Tools/Program.js

Resource

win10v2004-20240508-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral28

Sample

SRC/Phemedrone.Tools/RsaClass.js

Resource

win10v2004-20240426-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral29

Sample

SRC/Phemedrone.Tools/Xor/Decryption.js

Resource

win10v2004-20240426-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral30

Sample

SRC/Phemedrone.Tools/Xor/Encryption.js

Resource

win10v2004-20240508-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral31

Sample

SRC/Phemedrone.Tools/obj/Debug/Phemedrone.Tools.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

SRC/Phemedrone.Tools/obj/Release/Phemedrone.Tools.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

SRC/Phemedrone.Tools/obj/Debug/Phemedrone.Tools.exe
Size

49KB
MD5

44eba6c5f5c583d8f3442be1e1b55deb
SHA1

7bb51485aab16884aa3df27caf8ef0d127dafa07
SHA256

db96dc2c790a7a579c04fca29caf67feaf40fceedef22de63db8f7f5cca0720c
SHA512

80670e99809dc96f7cebb15c6a467ae5c06340b1057e6b1c30b4823fc61086ca0ef5e0a42e39431df2872bc554fc7fd39c356a5c9c56f79134733c9706f1a8fc
SSDEEP

768:+KVKiuesDaf0pbPWdhO4GIVJ7njyRSV26r48nV88ke5FiJw+B:RYDaf0pfGJ7WRSCoZkQYh

Score

1^/10

Malware Config

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\SRC\Phemedrone.Tools\obj\Debug\Phemedrone.Tools.exe
"C:\Users\Admin\AppData\Local\Temp\SRC\Phemedrone.Tools\obj\Debug\Phemedrone.Tools.exe"
1⤵
PID:4988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4988-0-0x0000000074EDE000-0x0000000074EDF000-memory.dmp

Filesize
4KB

Download
memory/4988-1-0x0000000000A40000-0x0000000000A52000-memory.dmp

Filesize
72KB

Download
memory/4988-2-0x0000000074EDE000-0x0000000074EDF000-memory.dmp

Filesize
4KB

Download