phemedrone | 24363ff2948bd9a78635471498e899306edfff82ab96d1b977a564ef2eae5b41 | Triage

Sharing

General

Target

552708c436696f90f45a1e37db90ea90N.exe
Size

116KB
Sample

240731-ddxfrsxdkc
MD5

552708c436696f90f45a1e37db90ea90
SHA1

4470d1182f2587a1f9cd974e712929660234fff1
SHA256

24363ff2948bd9a78635471498e899306edfff82ab96d1b977a564ef2eae5b41
SHA512

116408995058a015137aeec14490468470dd241175b917ef16b63ab1b324e265d26db221693b4b858e43b67a57084383b0bbebe245a3ff8391aef24b57c63e85
SSDEEP

1536:7QEQ6Or1v0eEW32jrMP+Uo8ZPp+8y6OG60Ee5K3QC/xxx3pZzHNoriwoQAhL8j:ErnhBagZQ8HOSEe5rC/xxnZztwj

Score

10^/10

phemedrone credential_access spyware stealer

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot7206720228:AAEBZdduavQnTtKEU_zzcbsBpsX39gH7twg/sendDocument

Targets

- Target
  
  552708c436696f90f45a1e37db90ea90N.exe
- Size
  
  116KB
- MD5
  
  552708c436696f90f45a1e37db90ea90
- SHA1
  
  4470d1182f2587a1f9cd974e712929660234fff1
- SHA256
  
  24363ff2948bd9a78635471498e899306edfff82ab96d1b977a564ef2eae5b41
- SHA512
  
  116408995058a015137aeec14490468470dd241175b917ef16b63ab1b324e265d26db221693b4b858e43b67a57084383b0bbebe245a3ff8391aef24b57c63e85
- SSDEEP
  
  1536:7QEQ6Or1v0eEW32jrMP+Uo8ZPp+8y6OG60Ee5K3QC/xxx3pZzHNoriwoQAhL8j:ErnhBagZQ8HOSEe5rC/xxnZztwj
Score

10^/10

phemedrone credential_access spyware stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phemedronecredential_accessspywarestealer

behavioral2

phemedronecredential_accessspywarestealer