phemedrone | f17e66a90dfa250f34f0d8fe42e57911a348b6adc08b13db3765e2259a051b62 | Triage

Sharing

General

Target

Iguduvu.exe
Size

115KB
Sample

240706-s8mmdatcpr
MD5

d6dbf35249ae335417b2a86f7bc41db5
SHA1

37bd62f70e66087b0ac7b46fee343f25bde8534d
SHA256

f17e66a90dfa250f34f0d8fe42e57911a348b6adc08b13db3765e2259a051b62
SHA512

ed952bd9c21331a60729fd8b5759fb57a5db56ba02f2db8fe905a3166e88d2b7dbd6cae9a368fd250ba1c3afdc5dfbcb6b46f5983ed011d869ed3c848405207e
SSDEEP

1536:F0vTeZhDyUJZi3RFKfbNjKQauE7+z6WksjD15aE8Te/rC/SZpcAdpiXCsMx+VSFb:qv6ZheLsbN5bEHWko15aROrA6RoM

Score

10^/10

phemedrone spyware stealer

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot7383063637:AAFyD9g219vkZhknsRfJlso3402h_1hs7xE/sendDocument

Targets

- Target
  
  Iguduvu.exe
- Size
  
  115KB
- MD5
  
  d6dbf35249ae335417b2a86f7bc41db5
- SHA1
  
  37bd62f70e66087b0ac7b46fee343f25bde8534d
- SHA256
  
  f17e66a90dfa250f34f0d8fe42e57911a348b6adc08b13db3765e2259a051b62
- SHA512
  
  ed952bd9c21331a60729fd8b5759fb57a5db56ba02f2db8fe905a3166e88d2b7dbd6cae9a368fd250ba1c3afdc5dfbcb6b46f5983ed011d869ed3c848405207e
- SSDEEP
  
  1536:F0vTeZhDyUJZi3RFKfbNjKQauE7+z6WksjD15aE8Te/rC/SZpcAdpiXCsMx+VSFb:qv6ZheLsbN5bEHWko15aROrA6RoM
Score

10^/10

phemedrone spyware stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phemedronespywarestealer

behavioral2

phemedronespywarestealer