phemedrone | a263a46b2e8e46c8d1a9d1202e8b6c10f818a743bd8337e0ef2e6b130a0cf100 | Triage

Sharing

General

Target

RarExtInstaller.exe
Size

748KB
Sample

240704-b71deaxhnq
MD5

683bb5cff5289f284448f387d5f1d531
SHA1

002e36e7321ceb50d44158bcfcae59575ee63da1
SHA256

a263a46b2e8e46c8d1a9d1202e8b6c10f818a743bd8337e0ef2e6b130a0cf100
SHA512

9c8b2667a67f6491221cb466932f27f0cc1ff7f49936b274dbfd99697452a7493a49f82ace54473c1d59ff99d5629f230fee9d5a88b16349a7e88d140a05f69d
SSDEEP

12288:V6AlwuMQ7p28E3F+ldQCg30ggGposKwWMSyAv33DALt4SQq7teFSd3ud1tgzoaBw:vlwOldQCg30lUosKwWMSP3DAL/p7tePN

Score

10^/10

phemedrone spyware stealer

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot7274515778:AAEx4SxiDLjUG8dht4Cac1HVmxqTSwD_yL4/sendDocument

Targets

- Target
  
  RarExtInstaller.exe
- Size
  
  748KB
- MD5
  
  683bb5cff5289f284448f387d5f1d531
- SHA1
  
  002e36e7321ceb50d44158bcfcae59575ee63da1
- SHA256
  
  a263a46b2e8e46c8d1a9d1202e8b6c10f818a743bd8337e0ef2e6b130a0cf100
- SHA512
  
  9c8b2667a67f6491221cb466932f27f0cc1ff7f49936b274dbfd99697452a7493a49f82ace54473c1d59ff99d5629f230fee9d5a88b16349a7e88d140a05f69d
- SSDEEP
  
  12288:V6AlwuMQ7p28E3F+ldQCg30ggGposKwWMSyAv33DALt4SQq7teFSd3ud1tgzoaBw:vlwOldQCg30lUosKwWMSP3DAL/p7tePN
Score

10^/10

phemedrone spyware stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

phemedronespywarestealer