phemedrone | 5478a721d309ab4ffe6a982f83fb9a8be37b44bbcb32f45e0fb08a1bf6a573e0 | Triage

Sharing

General

Target

dbd0ba5ea83428ebbbd90dfc84fa2540_NeikiAnalytics.exe
Size

101KB
Sample

240616-gyfkjasejg
MD5

dbd0ba5ea83428ebbbd90dfc84fa2540
SHA1

10c96556e476c224ca4860487ce12b2a65a50b29
SHA256

5478a721d309ab4ffe6a982f83fb9a8be37b44bbcb32f45e0fb08a1bf6a573e0
SHA512

3d738309dadc060a9d6a9a45048f75b8acd208e6c5c46c088372d86aed83585f0d59a69faecfa4fd717b1a4cf88b75acee5ed677dc00ffcdc0175aa193b448be
SSDEEP

1536:yzywg88dMGw3qSxfqNU3tBAo+oQPKghZq+TjHqdMWe6+DL5vda/WruFVwEKwNuwx:G/86ZuLyMY+TjHYepn5FaOru3wEK2uO

Score

10^/10

phemedrone spyware stealer

Malware Config

Targets

- Target
  
  dbd0ba5ea83428ebbbd90dfc84fa2540_NeikiAnalytics.exe
- Size
  
  101KB
- MD5
  
  dbd0ba5ea83428ebbbd90dfc84fa2540
- SHA1
  
  10c96556e476c224ca4860487ce12b2a65a50b29
- SHA256
  
  5478a721d309ab4ffe6a982f83fb9a8be37b44bbcb32f45e0fb08a1bf6a573e0
- SHA512
  
  3d738309dadc060a9d6a9a45048f75b8acd208e6c5c46c088372d86aed83585f0d59a69faecfa4fd717b1a4cf88b75acee5ed677dc00ffcdc0175aa193b448be
- SSDEEP
  
  1536:yzywg88dMGw3qSxfqNU3tBAo+oQPKghZq+TjHqdMWe6+DL5vda/WruFVwEKwNuwx:G/86ZuLyMY+TjHYepn5FaOru3wEK2uO
Score

10^/10

phemedrone spyware stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phemedronespywarestealer

behavioral2

phemedronespywarestealer