phemedrone | a637b82debf0e7c1b3167b921d7cb7386f80b399ae5c23e7fd342e3873977870 | Triage

Submit
Reports

Overview

overview

Static

static

1

2v6pTG.html

windows7-x64

1

2v6pTG.html

windows10-2004-x64

Resubmissions

28-05-2024 17:38

240528-v7t16sde7z 10

Sharing

General

Target

2v6pTG
Size

500B
Sample

240528-v7t16sde7z
MD5

628907342bd222d29d8ee5a7af8474b9
SHA1

55aa19207183854c9eff6004675392db4cb743e4
SHA256

a637b82debf0e7c1b3167b921d7cb7386f80b399ae5c23e7fd342e3873977870
SHA512

8fbb7d78a21584cfbcb78ead273f120e85e54294eb42aa131f8245a4fdf28d6d3bfeb3fa47df3fdb3645d8c6c912eedcf95c8bfae341d7ad98b159afbae4d49f

Score

10^/10

phemedrone xworm execution rat stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

2v6pTG.html

Resource

win7-20240221-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

2v6pTG.html

Resource

win10v2004-20240426-en

phemedrone xworm execution rat stealer trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

yXLtzgVbIXdYh5zs

Attributes

install_file
USB.exe
pastebin_url
http://pastebin.com/raw/e2U0xTFK

aes.plain

Targets

- Target
  
  2v6pTG
- Size
  
  500B
- MD5
  
  628907342bd222d29d8ee5a7af8474b9
- SHA1
  
  55aa19207183854c9eff6004675392db4cb743e4
- SHA256
  
  a637b82debf0e7c1b3167b921d7cb7386f80b399ae5c23e7fd342e3873977870
- SHA512
  
  8fbb7d78a21584cfbcb78ead273f120e85e54294eb42aa131f8245a4fdf28d6d3bfeb3fa47df3fdb3645d8c6c912eedcf95c8bfae341d7ad98b159afbae4d49f
Score

10^/10

phemedrone xworm execution rat stealer trojan
- Detect Xworm Payload
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

phemedronexwormexecutionratstealertrojan

© 2018-2024

Terms | Privacy