phemedrone | 794c2c669a30e746be3848eb9ae1a4ba3a1de7c87c338fc2ad4c05d6d84049b8 | Triage

Sharing

General

Target

Akodoco.exe
Size

121KB
Sample

240804-fye4bssaka
MD5

1614165de39294aae3ac8ccdad9444e8
SHA1

8eb7625787c4d0e50898affd35e9e1c6455d7c5b
SHA256

794c2c669a30e746be3848eb9ae1a4ba3a1de7c87c338fc2ad4c05d6d84049b8
SHA512

e8f7580af1b0ec5a9605b0ae8f5f38d5667318a5e006a3cb2532e0a8e16e297fca96259872e1c4311891bdf3b5cf129ab0dab9be52c8682b98cbc27b7479a869
SSDEEP

1536:oVcq+cCZgb7M9N0rZrGCOhxgRGQKETLH/b5jLX5NqD/l9HoPgwjzHB+R5ggvT:Q+cC5N0rk92dn7ZX5cjlRo7wR3

Score

10^/10

phemedrone credential_access spyware stealer

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot6394807660:AAE3wwuyqXA763tQqimJu-D2QyZ7BxLhPG0/sendDocument

Targets

- Target
  
  Akodoco.exe
- Size
  
  121KB
- MD5
  
  1614165de39294aae3ac8ccdad9444e8
- SHA1
  
  8eb7625787c4d0e50898affd35e9e1c6455d7c5b
- SHA256
  
  794c2c669a30e746be3848eb9ae1a4ba3a1de7c87c338fc2ad4c05d6d84049b8
- SHA512
  
  e8f7580af1b0ec5a9605b0ae8f5f38d5667318a5e006a3cb2532e0a8e16e297fca96259872e1c4311891bdf3b5cf129ab0dab9be52c8682b98cbc27b7479a869
- SSDEEP
  
  1536:oVcq+cCZgb7M9N0rZrGCOhxgRGQKETLH/b5jLX5NqD/l9HoPgwjzHB+R5ggvT:Q+cC5N0rk92dn7ZX5cjlRo7wR3
Score

10^/10

phemedrone credential_access spyware stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phemedronecredential_accessspywarestealer