phemedrone | 1af12da85652a16a3b4b42aabe905ce35ae4784586d06a33859753d5e89d6c22 | Triage

Sharing

General

Target

system.exe
Size

101KB
Sample

240628-vlttaazfkk
MD5

026c873c2746cf3f35895d7625a04416
SHA1

54e3429a356f8bb31be6e837bea0aa120d712df7
SHA256

1af12da85652a16a3b4b42aabe905ce35ae4784586d06a33859753d5e89d6c22
SHA512

799e681097f815b3a8b0c996187555459861a0434f1620872185a81da898b083fe4c162df9dd0f24c00995848f862ff8bd8e67772d916118c137c72fd225ac6f
SSDEEP

1536:6MGyQBW6bp0fNmDtBAJeoQPK+e6+T9HYr0FkWe6+DL5vda/WrNFVwEKwzu55kCq:6pyYLLy+7+T9HoWepn5FaOrN3wEK8uq

Score

10^/10

phemedrone spyware stealer

Malware Config

Targets

- Target
  
  system.exe
- Size
  
  101KB
- MD5
  
  026c873c2746cf3f35895d7625a04416
- SHA1
  
  54e3429a356f8bb31be6e837bea0aa120d712df7
- SHA256
  
  1af12da85652a16a3b4b42aabe905ce35ae4784586d06a33859753d5e89d6c22
- SHA512
  
  799e681097f815b3a8b0c996187555459861a0434f1620872185a81da898b083fe4c162df9dd0f24c00995848f862ff8bd8e67772d916118c137c72fd225ac6f
- SSDEEP
  
  1536:6MGyQBW6bp0fNmDtBAJeoQPK+e6+T9HYr0FkWe6+DL5vda/WrNFVwEKwzu55kCq:6pyYLLy+7+T9HoWepn5FaOrN3wEK8uq
Score

10^/10

phemedrone spyware stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phemedronespywarestealer

behavioral2

phemedronespywarestealer