General
-
Target
MegaLoader FIXED.zip
-
Size
89.8MB
-
Sample
240812-y72msssgnf
-
MD5
c6598071a1494ebdaf4e6b01c983c5dd
-
SHA1
230959c32204ff35aa3b5c2ccbbbfcab8e65d563
-
SHA256
8ff5d6d399f10b62b3704b7d16b52b67a4309dcdf6f3491d23d6e0b3fb7b8899
-
SHA512
09d81de771d2fcb61d5a38f1c181166a98e891bacd93eee9aa00189fc402ed01abe016cb740e0c0d2d588785fada7f6259b1c6a0e244ee97438ebf43d4ae33d3
-
SSDEEP
1572864:UfCv8YfFUaYf+MWUgLJu3o/tpP3MXk1ucMvMPc9f0i5IaTix/ZZ0Oj8gih:UKkY9UaduP/EPcZnTwZ0O8
Malware Config
Extracted
phemedrone
https://api.telegram.org/bot7295635807:AAG6Je3ea3mM7v5LKExuDgA5HyvjrbUsVXs/sendDocument
Targets
-
-
Target
MegaLoader FIXED/MEGALOADER.exe
-
Size
115KB
-
MD5
2e02c5ddc17eebb8ea41ac96b81931dc
-
SHA1
0c170d5a0f8ad30c626a6744ad984a70bbbfdd15
-
SHA256
26fd5047f1a005975c8a70b4c4f6cdd5039a614b316e07df273a29a7622e3239
-
SHA512
74b20b94a721d26152357ff79ab7dcabf57f91f30bed47315c0b43167163d56135ef88667b8a9b99ef1f883be9c6c297020d49b1ec8d9bf083ef02c073d69776
-
SSDEEP
1536:+8kZVfG5Pq8rGZd3RpHpc7f+W4O6eh9+5p65MKZjUue4/Xzexcwcn+lIAzYeeDsa:I7GRqPrJc7f4Tei5Ahjx4mbH
Score10/10-
Phemedrone
An information and wallet stealer written in C#.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-