phemedrone | b2fe98d4ac3d137587b4cd0521cd28a695adb40872b1e6e5619a735ae2974e55 | Triage

Sharing

General

Target

b2fe98d4ac3d137587b4cd0521cd28a695adb40872b1e6e5619a735ae2974e55
Size

115KB
Sample

240806-bybcxsvfkr
MD5

3147cdd98b93d9517419dab0bb319955
SHA1

7a8dd45bff153b572192ac3769a8e4d55c92bfca
SHA256

b2fe98d4ac3d137587b4cd0521cd28a695adb40872b1e6e5619a735ae2974e55
SHA512

e6ee3545d1ed4e58d33806e150e78391983a97c36e302b219656196f0666aed20df184d02efda4ffa72b08ae56749e84b5cff9a02955c28d62d917c50686961c
SSDEEP

3072:fSXbCQflsSclnFtYbZ/MGOu5us9cSDYRw1Vk:zcgjYbZ/MpLzY1V

Score

10^/10

phemedrone credential_access spyware stealer

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot5394241541:AAHJzSGiYRn25-qKamWj7biroYFdz9W0a4k/sendDocument

Targets

- Target
  
  b2fe98d4ac3d137587b4cd0521cd28a695adb40872b1e6e5619a735ae2974e55
- Size
  
  115KB
- MD5
  
  3147cdd98b93d9517419dab0bb319955
- SHA1
  
  7a8dd45bff153b572192ac3769a8e4d55c92bfca
- SHA256
  
  b2fe98d4ac3d137587b4cd0521cd28a695adb40872b1e6e5619a735ae2974e55
- SHA512
  
  e6ee3545d1ed4e58d33806e150e78391983a97c36e302b219656196f0666aed20df184d02efda4ffa72b08ae56749e84b5cff9a02955c28d62d917c50686961c
- SSDEEP
  
  3072:fSXbCQflsSclnFtYbZ/MGOu5us9cSDYRw1Vk:zcgjYbZ/MpLzY1V
Score

10^/10

phemedrone credential_access spyware stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phemedronecredential_accessspywarestealer

behavioral2

phemedronecredential_accessspywarestealer