phemedrone

Sharing

Copy URL

Twitter E-mail

General

Target

PhemedroneStealer V2.1.2.zip
Size

4.4MB
Sample

240517-t32d1sgf86
MD5

8b1f78cf9a1600b2a254d3ccad222855
SHA1

3f51aeee6001120881aaa10e3e7aaee7cc248b5c
SHA256

eaea60d86d378692e8630a5c575889f4f56de42200f034c761fe451d94c6d60d
SHA512

9c160302384b479bfa761bcf24c9c59310db6cd729c329f3415f7208f4a31d4b6d4980a6b3f169938897062c6b12d2356bd8705b25cee66155135da8d0be4135
SSDEEP

98304:/m6H5ifeBZc98UG5cND9G5w4HKwmVA6VCHeLMyDKYpKSm6HwKtUUMV71hwKvvIbz:Fofe7cKUJND9GnqwmVA6VC+4y5LQBDI/

Score

10^/10

Malware Config

Extracted

Family

phemedrone

127.0.0.1:1337

Targets

- Target
  
  COMPILED/Phemedrone.Tools.exe
- Size
  
  47KB
- MD5
  
  dc21f90545102e911129770ef224c79c
- SHA1
  
  4686c765a384e8be7d7fe27477045f417723ba2d
- SHA256
  
  7803e6d0145ade0c0c58cadeeb142b8dd63f9cfb345aaf8e9a3c0fc56fae0ab2
- SHA512
  
  2bc615c33af027670b88edeb0dce5701b086654865a6885b41f91799ae970a57c9b54a2805f0dceed485853147d0773a198d4d6ac327dcbc7db0771ff800e105
- SSDEEP
  
  768:9RTkUhuQLTwfwSCP61kSO+LR8YbpvdvHB4DYHxNIg6r488V82k698mn+N:vTlhuQLTwfw9Pak7+vpZGYHnlhNkM8mk
Score

1^/10
behavioral1 behavioral2
- Target
  
  SRC/Phemedrone-Stealer/obj/Release/system.exe
- Size
  
  91KB
- MD5
  
  15a810be0d5c598c59ddb621d308a5c9
- SHA1
  
  f1b30abb12046f6734db19e173799d16ef554e3a
- SHA256
  
  1321de928a9b619fe8f641ca4e3bd1b1c6d3a7448b1d6d0acceab24cf80bbc00
- SHA512
  
  b618c3476a6f2cbedd583da9ede17bd7a4d98128411ac6de702e1aeca96e25358f267616d7a07f45ee7b76acdc7529c6e949a9234d5df4539621d312694e9d8f
- SSDEEP
  
  1536:Y/GjnCSHEVtMpewUtTirGy7+I5vkGHGIXwEKG1zXY:Y/GjnC8pBG65cCGgwEKG10
Score

10^/10

phemedrone spyware stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral3 behavioral4
- Target
  
  SRC/Phemedrone.Panel/ComparableIpAddress.cs
- Size
  
  833B
- MD5
  
  b4b62c1ee9b8d4e55fb7bcc67ba1edd6
- SHA1
  
  af7dc6b71bff14d5fa9316d6652f131c898c5ec8
- SHA256
  
  af1a3aabeaf20d0f43fd41f19dc31c6da8a9edd090f57e55c5913b2acf002fce
- SHA512
  
  abbb32f858c1ecfa2876ccb39b0b8c7c23c54bc6f419ea6c31d1b4f915d364dc907b0a37913fc55b4943ee20e3c4320fa6e397624f4649ad923378557c36cb58
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  SRC/Phemedrone.Panel/ConsoleTable.cs
- Size
  
  15KB
- MD5
  
  0f58f4e7a6cdd45346e672e11b943379
- SHA1
  
  198d4caab50b254a864076fdf78aa0cf8ec8ecf9
- SHA256
  
  ac6851a436d5c2da34357948d7da7401ddfe28139f7f2efdb0c47783780baa7c
- SHA512
  
  6162c915e2d402bce54bb1743625babcfb5ed28efd0fc4ff816d305b6b4d32dd9510eab52bf66f07cb48bbb605d0605854a8fc056be43a68aaf790ade88efe08
- SSDEEP
  
  384:O0OzKY39pRir0aVcZFblT1GtuFjTsHalz2:f0aVcZFb1AtSjualy
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  SRC/Phemedrone.Panel/DatabaseWorker.cs
- Size
  
  2KB
- MD5
  
  0e0a47041f10985f45e10f5aa7e177d5
- SHA1
  
  e5c2dd12ee1e81c556a1a8609253e94bb4c79bdb
- SHA256
  
  7539dca40454008cf2a4ef7b759b8973ebfa027b63580542847b73ecaa96a233
- SHA512
  
  ea5347113f1d70e6745e9279c212e8806d7f7e3abc02bc712bf6839738bb669af1b46195505ac461b5caa52d25849a1b66f90961aa2069b10d7c41d84efb589f
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  SRC/Phemedrone.Panel/Program.cs
- Size
  
  3KB
- MD5
  
  09a9ba3e3cc5ec8b7ee4bfb6cdb37856
- SHA1
  
  432c854061c19f46a6a5d3238a124be6fbe4cb7c
- SHA256
  
  c197e3373aa76f50260fb556482c7f9b3ddaf1aee066784fbd8e2762674f1126
- SHA512
  
  981be0b663aaf0fbcd965298c51a5f836bffe091cefeb30168eefe6864d6c0ad73ef3db8588e000fd41344d15e41145769ae2b39af259ee4e1a1d56a66e6abca
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  SRC/Phemedrone.Panel/TcpServer.cs
- Size
  
  2KB
- MD5
  
  e338ae3d43bf11e19c4385c377658f76
- SHA1
  
  ac1bb00c838f71abbb26e7c606d0c0b963f8547f
- SHA256
  
  ddf8e68cefc53cd5f9e128d8d230d428f646ee9e6dbe9480baf7d2a94e59ce72
- SHA512
  
  d41c2f3bfde31d1f123383d5c40699e841a89348949a33cc402951fe85421b7af5d47b36c8878c586c7b559ac4b6b41abb1dcd2ba94a7b44f5284eba11347060
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  SRC/Phemedrone.Panel/obj/Debug/net7.0/Phemedrone.Panel.dll
- Size
  
  31KB
- MD5
  
  55a0c6b4690ba8fae321d2b1c8939141
- SHA1
  
  f210cad92ffeccd68ab2e02b7d1ce9c12e2194ee
- SHA256
  
  2092b040b58a6f18784c3f141e24a8203cdae241c52322b08818531a9f0952cc
- SHA512
  
  01f25519012d2bf97a7290949e161b7daded77d6e4bf9e046c51df43aaf6b33aab2fc659e611cbcaa44a5ce0312fd398603b2dd3803fc4d39fd232ce1ff5578e
- SSDEEP
  
  768:+5mBvLDW+km1UgPZqXwFXju+e3LoTUTHe:5HRkwxEyXjuvLCUT+
Score

1^/10
behavioral15 behavioral16
- Target
  
  SRC/Phemedrone.Panel/obj/Debug/net7.0/apphost.exe
- Size
  
  154KB
- MD5
  
  6de535fa3063701a30a7aab0bf155efc
- SHA1
  
  e7c3967126851438e90b2edc4be737f1cd81d65b
- SHA256
  
  0a4420edb3c8446549b5c0c7a91ec69f2afc7d150fcaf5271d2c842d2fa58542
- SHA512
  
  80da269d860154d41cca873e4a73ef49009d6394a275052316ee596bf66bbab2745b337d885fea806c845cfca6818a26463cc86148d6ace52eb80f90630a34d3
- SSDEEP
  
  3072:SGCVxf7JX53dRZfeUlU8TkiIhm6gypSevM77WK1iWca3x:SVVTR1euN6pSeveWKIza3
Score

1^/10
behavioral17 behavioral18
- Target
  
  SRC/Phemedrone.Panel/obj/Release/net7.0/apphost.exe
- Size
  
  154KB
- MD5
  
  510f5cbf20100283d9aa992f3c9d626d
- SHA1
  
  382db89d967c6d429e89a7a1c55e114fa5bfdb55
- SHA256
  
  4ffb422a99308c672aecf5be26c1eeb5a9d48d566937b274e86875c713523cd6
- SHA512
  
  af53a820a0fad9d397aa16370a9c772254820fcb031743ca022c5429c57e59ca060d0f322c9451a60eb5511be50468e04abe3460ebc8a19917a7c15f35deb9aa
- SSDEEP
  
  3072:aGCVxf7JX53dRZfeUlU8TkiIhm6gypSevM77WK1iWca31:aVVTR1euN6pSeveWKIza3
Score

1^/10
behavioral19 behavioral20
- Target
  
  SRC/Phemedrone.Panel/obj/Release/net7.0/ref/Phemedrone.Panel.dll
- Size
  
  10KB
- MD5
  
  873f0714b649425a377634609853497b
- SHA1
  
  7267b74810f587becc3fbe9630640ac85b05dcdc
- SHA256
  
  f52b37f28b71f17969d74a3fb52fefee87556642916a9f3e40ebe46dff5a4181
- SHA512
  
  30712327b9c4ef56fe9f3039b9476989871378b57af798a4a813cb52b32a8471270d2d3e8609d6629d4734e6e0e8a1ef925fc968fd9e0b8551832ddb2a709d81
- SSDEEP
  
  192:cfdT5BbRRRRRRRRRRRRUPYvrQTE3J1xwt1GY64a8FbZtLb:ELqPYvMoJ181GY64dp
Score

1^/10
behavioral21 behavioral22
- Target
  
  SRC/Phemedrone.Panel/obj/Release/net7.0/refint/Phemedrone.Panel.dll
- Size
  
  10KB
- MD5
  
  873f0714b649425a377634609853497b
- SHA1
  
  7267b74810f587becc3fbe9630640ac85b05dcdc
- SHA256
  
  f52b37f28b71f17969d74a3fb52fefee87556642916a9f3e40ebe46dff5a4181
- SHA512
  
  30712327b9c4ef56fe9f3039b9476989871378b57af798a4a813cb52b32a8471270d2d3e8609d6629d4734e6e0e8a1ef925fc968fd9e0b8551832ddb2a709d81
- SSDEEP
  
  192:cfdT5BbRRRRRRRRRRRRUPYvrQTE3J1xwt1GY64a8FbZtLb:ELqPYvMoJ181GY64dp
Score

1^/10
behavioral23 behavioral24
- Target
  
  SRC/Phemedrone.Tools/Builder/ConstantChanger.cs
- Size
  
  6KB
- MD5
  
  0b3d40152059e7c7e6b5619274875121
- SHA1
  
  d15bfc0332d89b090e3e943d9aaeb3299ba42d72
- SHA256
  
  60dd70a6e4b08a49eb2263a79265074ebbe3c4dcfb7cfb98a2100eecedf81fac
- SHA512
  
  25ce6fa39bbd6ae9251f496f6b8c5c430ffb68c0fe1d0cc230a7e6b028dca40bcb998d478e8b738aca27c359b485e3cbfc98a636b87a84eca0e6ca9fcc0061b6
- SSDEEP
  
  96:Co4+4h2Igt2CFfvTVDh8FTFOFnn5VFFN4yZ:YpUJ5JvTWxo5bFN4yZ
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  SRC/Phemedrone.Tools/Builder/Injection.cs
- Size
  
  9KB
- MD5
  
  d419d309ad997c99b2cb99d91b86b17a
- SHA1
  
  04dc9bda1c4cbbb3911a9cead217ec5e702f5e1b
- SHA256
  
  174e4790f88c829f9a45418ac506596a32536316ce3c1a3e24f3737ef857ac7e
- SHA512
  
  9b3416675cf3da7b6b604579418f72ef00f2e2c6f0c0e621f8ce3117007bd8f9054e7b6e977224e0497bd18f17d20d186439fdc956d628fe4a435ef5c5d4ac61
- SSDEEP
  
  192:YUyrrf7FfHM3q8R5t4a9GmFTKZFsMlvooqSqvX:Yzrj7FfHM3q8R5ea9dkZFsMlA
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  SRC/Phemedrone.Tools/Builder/Phase.cs
- Size
  
  5KB
- MD5
  
  4e10ae7c869028119fc790b192d0790e
- SHA1
  
  bf2508be646cab1f717e77271d70b6b4c9312a00
- SHA256
  
  a8dc7010ef15d7ef0b6433404f20269d77cba8bb567e438b01e5bb98cd8e9ee5
- SHA512
  
  fca5058badbfdd93e0a1a3619ec42fab1a66a484de2135640cc671a4aa7e4a80e7c53258561999af636bfc06750064295b4a1046cd553fd2d91281fa48a12a40
- SSDEEP
  
  96:Co4hU2nGAQMxsr7VGOhjLUeGaZZnhMxt46/hVXgisY:YbLQ1RJyQTJ6ZRgQ
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  SRC/Phemedrone.Tools/Builder/RandomValues.cs
- Size
  
  1KB
- MD5
  
  5976a821edf3629804f8a4f95879e438
- SHA1
  
  0382f903529ac640e6a5e3d412698609330cd89a
- SHA256
  
  02e42dc3067cdfee6d7e981816d5f73a4a16c991f2c3fc353f31ff064fa82f34
- SHA512
  
  3942050767a3e943e6b2cef4d8a738d53315450a662a6f27a7705b81281fe9fae4d70b4a815c3ec7c9b8244bbfec1ff953eb9ff9ffca78995023d182b4c8bb29
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32