phemedrone

Sharing

Copy URL

Twitter E-mail

General

Target

PhemedroneStealerV2.1.2.zip.bin
Size

4.4MB
Sample

240518-gwdcdsfa9s
MD5

8b1f78cf9a1600b2a254d3ccad222855
SHA1

3f51aeee6001120881aaa10e3e7aaee7cc248b5c
SHA256

eaea60d86d378692e8630a5c575889f4f56de42200f034c761fe451d94c6d60d
SHA512

9c160302384b479bfa761bcf24c9c59310db6cd729c329f3415f7208f4a31d4b6d4980a6b3f169938897062c6b12d2356bd8705b25cee66155135da8d0be4135
SSDEEP

98304:/m6H5ifeBZc98UG5cND9G5w4HKwmVA6VCHeLMyDKYpKSm6HwKtUUMV71hwKvvIbz:Fofe7cKUJND9GnqwmVA6VC+4y5LQBDI/

Score

10^/10

Malware Config

Extracted

Family

phemedrone

127.0.0.1:1337

Targets

- Target
  
  COMPILED/Phemedrone.Tools.exe
- Size
  
  47KB
- MD5
  
  dc21f90545102e911129770ef224c79c
- SHA1
  
  4686c765a384e8be7d7fe27477045f417723ba2d
- SHA256
  
  7803e6d0145ade0c0c58cadeeb142b8dd63f9cfb345aaf8e9a3c0fc56fae0ab2
- SHA512
  
  2bc615c33af027670b88edeb0dce5701b086654865a6885b41f91799ae970a57c9b54a2805f0dceed485853147d0773a198d4d6ac327dcbc7db0771ff800e105
- SSDEEP
  
  768:9RTkUhuQLTwfwSCP61kSO+LR8YbpvdvHB4DYHxNIg6r488V82k698mn+N:vTlhuQLTwfw9Pak7+vpZGYHnlhNkM8mk
Score

1^/10
behavioral1 behavioral2
- Target
  
  COMPILED/dnlib.dll
- Size
  
  1.1MB
- MD5
  
  5cc2bb48b5e8c8ac0b99669401d15456
- SHA1
  
  02e9ae08f3ec364834eb3ffc122f1c90e1b0e95e
- SHA256
  
  648950f725fb0320e09c52dcaf81764916df96dc62e7429ba67daea0acb784ea
- SHA512
  
  2867e94cee9f89f1cf85ad01083d75f4bc0bc0e551b2ffae05581828994f2b01a458ac7a7c94a45e8c40858ecce197f7ec23482ee13ef3f1bf82b33b89b3b420
- SSDEEP
  
  24576:/bN7xZgKVl/N12pljD7DM2l8xs5A/zYv7flNcK:DyJXn3ML7G
Score

1^/10
behavioral3 behavioral4
- Target
  
  COMPILED/stub/stub
- Size
  
  91KB
- MD5
  
  15a810be0d5c598c59ddb621d308a5c9
- SHA1
  
  f1b30abb12046f6734db19e173799d16ef554e3a
- SHA256
  
  1321de928a9b619fe8f641ca4e3bd1b1c6d3a7448b1d6d0acceab24cf80bbc00
- SHA512
  
  b618c3476a6f2cbedd583da9ede17bd7a4d98128411ac6de702e1aeca96e25358f267616d7a07f45ee7b76acdc7529c6e949a9234d5df4539621d312694e9d8f
- SSDEEP
  
  1536:Y/GjnCSHEVtMpewUtTirGy7+I5vkGHGIXwEKG1zXY:Y/GjnC8pBG65cCGgwEKG10
Score

10^/10

phemedrone spyware stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral5 behavioral6
- Target
  
  SRC/Phemedrone-Stealer/Classes/Asn1DerObject.cs
- Size
  
  1KB
- MD5
  
  97375f2d0325dacce3000bf92d8175be
- SHA1
  
  0a229b5a0d8c18b6540321c80b8c7a3fcb0f0ad3
- SHA256
  
  57c6e3a40c07239eb9cb8e8ec0e622cee4e93db37b566199863ca501fa0b600d
- SHA512
  
  e9c0c7aa3e2da32347eff80d1dee4400b7e5dc45c23e418cdc9585cefc6de1f48423483cc4cc80de8859708df285de66e9a78b187e89300850fc6ccb8cbf5008
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  SRC/Phemedrone-Stealer/Classes/BCrypt.cs
- Size
  
  2KB
- MD5
  
  b2b5f50ac27244c9a9b5340911578f6b
- SHA1
  
  e6f547e0eeb03423304d6791ab32d1d559c1abf7
- SHA256
  
  aa065a1917db78d97660b93a2a858fa27171cd2a62dcff7844af9a967a7403dd
- SHA512
  
  75978d5b5185d4b7147666604a6c47bb6770ba20904d5854980b285278512d5c9077ce6a0a6339d6cf7551661a30cc26c8adf0e4d2f1515a1f659dcefdb41435
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  SRC/Phemedrone-Stealer/Classes/BerkeleyDB.cs
- Size
  
  3KB
- MD5
  
  852f2f13735a13e5dfa70c3cb11dea27
- SHA1
  
  0161ad4608e136f7e05a2aa9bb78dd2ae64722df
- SHA256
  
  dbacabbeabfc2d2cd62a63323799dc1aa895306f9ce6d432ab8e316ada5ca383
- SHA512
  
  e0b93fa00d1c9b7540decedb64d1c8d43ee1559acf4f91474b480570d904f460e905fa38d9a2e5eea810a74c3d541ea7ccd8c4e0d556cd846662b09d637ed657
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  SRC/Phemedrone-Stealer/Cryptography/AesGcm.cs
- Size
  
  7KB
- MD5
  
  89c7e40789bd631483ecafbc1efc4660
- SHA1
  
  da14521bab77326cbdf6088a1d2dff1f003a6ed7
- SHA256
  
  120fcd4e10c3d70d0371f80fdd5d743e00c406020e1dd1fa60cdc101525d1764
- SHA512
  
  a4a964001897519801c6aa28dcc805985ea426c35d881e2239a1c73ffc9a8b676fd62409ce8a5614d1efb207cc01c510bc38554c04b55794adac85528600f07e
- SSDEEP
  
  96:Co4D2n1cWxZbc5J1GoerqXb4lnlbSwcOOlXOsRSOl0lClWRtyvJMYWkW0lUg6lD8:YqXxe5J1GoeO0lbGh90euiUg2ZqXSHtY
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  SRC/Phemedrone-Stealer/Cryptography/Asn1Der.cs
- Size
  
  4KB
- MD5
  
  06a4bdcec6e0249c8237a8e61fad8989
- SHA1
  
  6438c8f187f6b3eac6535a65b9e9efa188eb31e4
- SHA256
  
  cde40254851775ff20e1fbf90bbc6625634e006681b129c229d3733dc2133a8c
- SHA512
  
  4718f4d0a5c34c3a90c7ffd101ce480c49e04db0edaa229f9299de9e7eb517ab4bdba6e3e9ba7c23cb0a305e3ce56fc9c525c48982cfd0db379e66e2dad707d6
- SSDEEP
  
  24:CF83J6tQPIZ8RQzhbvNpCREfmFkztGsajhPmDAHCtg3sjJ4ePmn4DcAHCtW4jpPj:CAlRIRbAH2/4V4wAH2QAH2fm
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  SRC/Phemedrone-Stealer/Cryptography/DpApi.cs
- Size
  
  3KB
- MD5
  
  520dbdd02da7cf59b2b65f67a27d9a47
- SHA1
  
  859607a4e81fa90195a63a26d1b66036bb95522c
- SHA256
  
  2690a339ea7e22dff70408ad086785180c35a2d8d7b817a06cb41d9ba502e0b4
- SHA512
  
  7d6118245831c74b0e5302b9c997647e8eddbc34286163ba77d4abeed6bcf1bd8262686f872de836e25a62772f0c48d9e2b46e810f6631fdbe68e275ed80fafb
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  SRC/Phemedrone-Stealer/Cryptography/Hashing/PBE.cs
- Size
  
  1KB
- MD5
  
  da9e6a74d8fd919be018d94bb7cc27b2
- SHA1
  
  2fea0427b2a6ad86fbb7d354add4099e8be67580
- SHA256
  
  5d5c8279cf8358d49b9dba09ec7388477ae728ee10448505f7fed483d5c73556
- SHA512
  
  f7a842a675c7d3137cf519bac8b7e503c1c0c825f0c3732ccee81c4359395576ca1f609082d91b264b4a459a19c9522cf95474e5e5c77829d98d234f891e0246
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  SRC/Phemedrone-Stealer/Cryptography/Hashing/PBKDF2.cs
- Size
  
  3KB
- MD5
  
  762cdc55db2ab269b103fd44dc48e268
- SHA1
  
  cbc49d291655f917f89fc95b888a6c8e80f3bca5
- SHA256
  
  cadaf9895c807ff28e192660fb2aca03ce4868c643ee993474f7dc7ca36d797c
- SHA512
  
  e5505ec5eb7cde4e8669047f6a9065944edec53df60cb6a1a243a51bb428edb166caf80276a3a95b6411649ecdfa495f41344a6e4ddf016ca150cb082f567fb9
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  SRC/Phemedrone-Stealer/Cryptography/Helpers.cs
- Size
  
  654B
- MD5
  
  130189e40cc697ab171bedbedf1e78eb
- SHA1
  
  ed9f9075715ee9f1722f17f83ec5e465836a7726
- SHA256
  
  8d15f3a24d9c134052c69fcc812db04176cdbd33e21e8787d6ded4f1aa1199de
- SHA512
  
  5d58233dacff2a10d512586508c0631d8871a5fc5bb05a256fc227f756a4fb1464594ee4b4e01310cd7dd0a2dc4255be9651621b542b35e3fde42592f246fc08
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  SRC/Phemedrone-Stealer/Cryptography/TripleDes.cs
- Size
  
  7KB
- MD5
  
  10f7b713cd0a2bd977a4151b50433fce
- SHA1
  
  dfb667999597d906cf93808ea8f3c05342b8c53e
- SHA256
  
  6939819008e8cd0fec8f2bbe200e613e3c3dd1bef4afeedea3c7844faee2d66f
- SHA512
  
  296f4244ce8a00a3aab0228e1b35dcf6919949600793c54fcdf9dd08cf4a4de45b37e1e38e98ddc92144e50b20e4a1e6a285a8eed3f807d9f29d4ed844833293
- SSDEEP
  
  96:CoUiPB+jhhJXMX899XM3A7taEjvPcjEjvPxFe:1w7lxp97taUXaUXS
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  SRC/Phemedrone-Stealer/Extensions/BrowserHelpers.cs
- Size
  
  6KB
- MD5
  
  94ea71d2d031f2dfd73dea044718fbe9
- SHA1
  
  67b2c67007717361ae92f6677f67f10364fbc512
- SHA256
  
  ac8e2719a516ee983cf29681ba8f7abe186098f0002fe48489c562c110e960b7
- SHA512
  
  c85dfb1ff8739382d762ae25efd9f6252506d13b3aaacfdb4a3e3d20a219317828c28c3438894531829657bb6f97b0a4bc610be743b9e52db5becba5e98c895c
- SSDEEP
  
  96:Co4hU2nXPy68fhEl7In8C1QBeIw7FqLH/F9d0gggmoR+DrcrJpIYIe:Yb/y685El7/iHIw7Fa74Pe
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  SRC/Phemedrone-Stealer/Extensions/FileManager.cs
- Size
  
  1KB
- MD5
  
  09db2d64d0cb75ebc338f65b2e61dc0e
- SHA1
  
  e7ba43d959f835b277ca8f5dd204a254a9f2f0c1
- SHA256
  
  cf9879ac11901053258ead4f2c88647e238fcf8238e89f8ef94f9b84efd73997
- SHA512
  
  7c550b4328dcd5f4130f6a72764ce1e080c81425bdea18d46bd6905d735ee61e0ee3ebc8eea53d8dbd9f2bb440293521582b49dd98c465b47fdae0bed4ccea68
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  SRC/Phemedrone-Stealer/Extensions/ImportHider.cs
- Size
  
  1KB
- MD5
  
  be49c747846cb56ec02891cf5709c9bc
- SHA1
  
  f7a6d5ca54d57000e8d3737a517dc43b0a660244
- SHA256
  
  83fd75744b115ad1c28f75a86915bcedbe863db5572d7755e92236e933354de6
- SHA512
  
  eccbf8d4a93be646ed0656fc9b627121a4decaac91f13156a4cc6bc8f3525eb61d208e03acc1a7417f309146f66996aa493011cb3fd2bc4674360a1607737149
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads data files stored by FTP clients

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32