General

  • Target

    alright prynce v2 fr.rar

  • Size

    135KB

  • Sample

    240520-v3ytkaae58

  • MD5

    6522c1ece1df708e08d37f9f354ce29d

  • SHA1

    5174670de1c95518ac9575d1717da2965542d89e

  • SHA256

    c63e9763cdc05db1a65d6bd24c540fffdbbdf658e82245ef0acbeabe0918b6c8

  • SHA512

    4f607c2f1e9ab172abe6929385582f27ee3e1ada57e15eabcdfeb4e2b2898c7e06962a2dcf1500263e38466affe153d4ffea03e01bf075297589a5c7ead066b4

  • SSDEEP

    3072:DfcVrYv3gFMFgGhjBJkYSdcrv9JcB1wuRvZ2EEEA5rc1AA78:Df3gFjGhjTYdeJa1xLlMrmt78

Malware Config

Extracted

  • Family

    phemedrone

  • C2

    https://api.telegram.org/bot6719312271:AAE1QFaFTcG0HSHiQXVv7gdDUMwSNOPMadg/sendMessage?chat_id=-4194654645
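The C2 above is a Telegram Bot API URL: the bot token (`<bot_id>:<secret>`) and the destination `chat_id` are both embedded in it, so the same two values that let the stealer exfiltrate also make a clean indicator for hunting in proxy, DNS or strings output. The following is an added example written for this report, not tooling from the sandbox or from the Phemedrone project: it pulls Telegram bot C2 URLs out of free text, deduplicates them by bot and chat, classifies the chat from Telegram's chat_id conventions (negative ids are groups, `-100` prefixed ids are supergroups or channels), and masks the secret before the indicator is shared. The log lines are constructed; the regex's token-length bounds and the `exfil_method` set are assumptions.

```python
"""Extract Telegram Bot API C2 indicators from text (config dumps, proxy logs,
strings output). Added example for this report, not the sandbox's own tooling."""
import re
from urllib.parse import parse_qs

# Bot token shape: numeric bot id, colon, secret of letters/digits/_/- .
# The 30-50 length bound is an assumption chosen to avoid matching fragments.
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,50})"
    r"/(?P<method>[A-Za-z]+)(?:\?(?P<query>[^\s\"'<>]*))?"
)

# Bot API methods that carry data out (assumed list for the example).
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}


def classify_chat(chat_id: str) -> str:
    """Telegram chat_id conventions: positive = private chat with a user,
    -100xxxxxxxxxx = supergroup/channel, other negative = basic group."""
    if not chat_id.lstrip("-").isdigit():
        return "unknown"
    if chat_id.startswith("-100"):
        return "supergroup_or_channel"
    if chat_id.startswith("-"):
        return "group"
    return "private"


def extract_telegram_c2(text: str) -> list[dict]:
    """Return one IOC record per distinct (bot_id, chat_id) pair found in text."""
    seen = set()
    hits = []
    for m in TELEGRAM_BOT_RE.finditer(text):
        params = parse_qs(m.group("query") or "")
        chat_id = params.get("chat_id", [None])[0]
        key = (m.group("bot_id"), chat_id)
        if key in seen:
            continue  # same bot/chat already recorded
        seen.add(key)
        hits.append({
            "bot_id": m.group("bot_id"),
            "token": f"{m.group('bot_id')}:{m.group('secret')}",
            "method": m.group("method"),
            "chat_id": chat_id,
            "chat_kind": classify_chat(chat_id) if chat_id else "unknown",
            "exfil_method": m.group("method") in EXFIL_METHODS,
        })
    return hits


def redact_token(token: str) -> str:
    """Keep the bot id (useful for pivoting) but mask the secret before sharing."""
    bot_id, _, secret = token.partition(":")
    return f"{bot_id}:{secret[:4]}...{secret[-4:]}"


# Constructed sample: the C2 from this report (seen twice) plus an unrelated
# external-IP lookup line that must not match.
SAMPLE_LOG = """\
2024-05-20T12:01:03Z POST https://api.telegram.org/bot6719312271:AAE1QFaFTcG0HSHiQXVv7gdDUMwSNOPMadg/sendMessage?chat_id=-4194654645
2024-05-20T12:01:04Z GET https://api.ipify.org/?format=json
2024-05-20T12:01:05Z POST https://api.telegram.org/bot6719312271:AAE1QFaFTcG0HSHiQXVv7gdDUMwSNOPMadg/sendMessage?chat_id=-4194654645
"""

if __name__ == "__main__":
    for ioc in extract_telegram_c2(SAMPLE_LOG):
        print(ioc["bot_id"], ioc["chat_id"], ioc["chat_kind"],
              ioc["method"], redact_token(ioc["token"]))
```

The bot id is worth keeping unmasked: it stays constant across token rotations and is what you pivot on when hunting for other samples using the same bot. The chat id tells you whether the operator collects into a private chat or a shared group, which often distinguishes a single actor from a stealer-as-a-service tenant.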

Targets

    • Target

      SoundCloud.exe

    • Size

      182KB

    • MD5

      75c4a5f827b71f386c836a00155b349c

    • SHA1

      20a2552cd785f96049d4b524dd35c9897c3d9b1d

    • SHA256

      964883bdeb50388f7fe56cdadb3b81009ea8c0ad78bb2f832b267b163981acf9

    • SHA512

      add872232df95c4191be4c89b7ea25b64e395521c4d627759905bc34378353f0dffff2440156d58989e53bc0c331e97edb1415ddaba37c1cda92c82b61dd7584

    • SSDEEP

      3072:lbNz9GySF0OhwX5qnJTvT8mgA/8Pc2r+k7hqHrT4AIatAuJ1hLgsp5:JlEyC0KY5gqk8b+ghUEAIabKsp5

    • Phemedrone

      An information and wallet stealer written in C#.

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile directories, which hold saved credentials, cookies and session tokens, and autofill data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext lets a process rewrite another thread's registers, including the instruction pointer, and is a common step in process hollowing and other injection techniques. The sandbox flags the call as suspicious; it does not by itself confirm injection.

MITRE ATT&CK Matrix (ATT&CK v13; number of matching signatures in parentheses)

  • Credential Access

    T1552 Unsecured Credentials (1)
    T1552.001 Credentials In Files (1)

  • Discovery

    T1012 Query Registry (1)
    T1082 System Information Discovery (1)

  • Collection

    T1005 Data from Local System (1)
