Overview

overview

10

Static

static

3

loader.exe

windows10-1703-x64

10

loader.exe

windows7-x64

10

loader.exe

windows10-2004-x64

10

loader.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    loader.exe

  • Size

    139KB

  • Sample

    240815-cmm31svbjl

  • MD5

    fb945448fb22c90d4a788494084c7f2e

  • SHA1

    cd6173bd4a143ed1793fe0d305d329472bb2b70b

  • SHA256

    db8721f8df446cbb083694598bef88e7a9f60dcd132a89f436a66b93fa2464b2

  • SHA512

    66b1d59423fa9d79645e1a1cfa06d38907ca4d8cdad5213efffbbf8fab503724ec53fa22c1d20d13db0cca62e718bdb47f0b474f6d091ff31b5c823292993eb0

  • SSDEEP

    3072:vl8ENz25WGNx23FTuHqW8hsn0kg0+T77qCGKLhN8IxX56Ez:dhNz28GNU3JAh8h60kpM72ohNRxYE

Score
10/10
phemedronecredential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot7253527125:AAG2zbXlkuY33BxLSZk2mcohhToET22xkTM/sendDocument

Targets

    • Target

      loader.exe

    • Size

      139KB

    • MD5

      fb945448fb22c90d4a788494084c7f2e

    • SHA1

      cd6173bd4a143ed1793fe0d305d329472bb2b70b

    • SHA256

      db8721f8df446cbb083694598bef88e7a9f60dcd132a89f436a66b93fa2464b2

    • SHA512

      66b1d59423fa9d79645e1a1cfa06d38907ca4d8cdad5213efffbbf8fab503724ec53fa22c1d20d13db0cca62e718bdb47f0b474f6d091ff31b5c823292993eb0

    • SSDEEP

      3072:vl8ENz25WGNx23FTuHqW8hsn0kg0+T77qCGKLhN8IxX56Ez:dhNz28GNU3JAh8h60kpM72ohNRxYE

    Score
    10/10
    phemedronediscoverystealercredential_accessspyware

    • Phemedrone

      An information and wallet stealer written in C#.

      stealerphemedrone

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks