Overview

overview

10

Static

static

1

SoundCloud.exe

windows7-x64

3

SoundCloud.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SoundCloud.exe

  • Size

    182KB

  • Sample

    240520-v1ac7abb7v

  • MD5

    75c4a5f827b71f386c836a00155b349c

  • SHA1

    20a2552cd785f96049d4b524dd35c9897c3d9b1d

  • SHA256

    964883bdeb50388f7fe56cdadb3b81009ea8c0ad78bb2f832b267b163981acf9

  • SHA512

    add872232df95c4191be4c89b7ea25b64e395521c4d627759905bc34378353f0dffff2440156d58989e53bc0c331e97edb1415ddaba37c1cda92c82b61dd7584

  • SSDEEP

    3072:lbNz9GySF0OhwX5qnJTvT8mgA/8Pc2r+k7hqHrT4AIatAuJ1hLgsp5:JlEyC0KY5gqk8b+ghUEAIabKsp5

Score
10/10
phemedronespywarestealer

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot6719312271:AAE1QFaFTcG0HSHiQXVv7gdDUMwSNOPMadg/sendMessage?chat_id=-4194654645

Targets

    • Target

      SoundCloud.exe

    • Size

      182KB

    • MD5

      75c4a5f827b71f386c836a00155b349c

    • SHA1

      20a2552cd785f96049d4b524dd35c9897c3d9b1d

    • SHA256

      964883bdeb50388f7fe56cdadb3b81009ea8c0ad78bb2f832b267b163981acf9

    • SHA512

      add872232df95c4191be4c89b7ea25b64e395521c4d627759905bc34378353f0dffff2440156d58989e53bc0c331e97edb1415ddaba37c1cda92c82b61dd7584

    • SSDEEP

      3072:lbNz9GySF0OhwX5qnJTvT8mgA/8Pc2r+k7hqHrT4AIatAuJ1hLgsp5:JlEyC0KY5gqk8b+ghUEAIabKsp5

    Score
    10/10
    phemedronespywarestealer

    • Phemedrone

      An information and wallet stealer written in C#.

      stealerphemedrone

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks