General

  • Target

    240819-ffkk4ajp3z_pw_infected.zip

  • Size

    40KB

  • Sample

    240819-gmy8haxfkc

  • MD5

    4f6b7e99d9d9a989cf30057fa7b3441c

  • SHA1

    1dbd38c29ef45c3f24a5f985c126b745788bf1aa

  • SHA256

    5450438a57c00c3acdf40552dce8ed12387450fc86cba3fcd61275c882b6c90a

  • SHA512

    062c459047b1f3c93a87ae775ce989d17f3357e8ce08650694e3a6965c6e59c742613d61bad994a59bb3f28aea120f5d36ecce561bc0e6e3882bc5b4da0a1b2b

  • SSDEEP

    768:xRt27eNhfBFxBegSukaevxFF44ur5C/JxKU9nVeKM/qDoAlyBghiGsQW6qea4:/t2KNhfBFxBeLu8x44ur5C/JwIn4dMcy

Malware Config

Extracted

Family

phemedrone

C2

https://playerenterprises.org/test/gate.php

Targets

    • Target

      9ea494b525c4676e63f943e2d1dba751c377b9138613003c80d14ddfaed6883e

    • Size

      87KB

    • MD5

      86132bb156f6db9cfae5ebfb5288b781

    • SHA1

      004cf454208a56fe544ca39bf18918e56f46eba0

    • SHA256

      9ea494b525c4676e63f943e2d1dba751c377b9138613003c80d14ddfaed6883e

    • SHA512

      18c9effee58649cc3f32e3c0dce0edaf39b8090347e29f78dde582e974be792b03a7a79db000d935119428c2edb913855c761a88fc4bf39ad49bfc1577a78be0

    • SSDEEP

      1536:fpeDVWx+h8No/KeKAEo4ry/7qTCxaA5hAaspNSwEKyC2lsE:fpeDgIwo/KIWW/G+X5masKwEKyC2t

    • Phemedrone

      An information and wallet stealer written in C#.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store (ATT&CK T1555.003).

    • Reads user/profile data of web browsers

      Infostealers routinely read browser profile directories, which hold saved credentials, cookies, autofill entries and session tokens.

    • Looks up external IP address via web service

      Contacts a legitimate public IP lookup service to determine the infected system's external IP address. The request itself is benign, so treat it as a hunting signal only in combination with other indicators such as the C2 contact above.
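The indicators above (the two SHA256 hashes and the extracted C2 URL) can be turned into a simple hunt. The following is an added example, not code from the sandbox report or from the malware: it hashes a file against the report's SHA256 values and scans proxy log lines for the Phemedrone gate, flagging hosts that first query a public IP lookup service and then POST to the C2. The log line format, the client IPs, the timestamps and the list of IP lookup hostnames are constructed assumptions; the report does not name which lookup service the sample used.

```python
"""
Added example: match the IOCs from this report (SHA256 hashes and the
extracted Phemedrone C2 URL) against file bytes and proxy log lines.
Illustrative code, not part of the sandbox report or the malware.
"""
import hashlib
from urllib.parse import urlsplit

# IOCs exactly as listed in the report.
KNOWN_SHA256 = {
    "5450438a57c00c3acdf40552dce8ed12387450fc86cba3fcd61275c882b6c90a",  # archive
    "9ea494b525c4676e63f943e2d1dba751c377b9138613003c80d14ddfaed6883e",  # dropped stealer
}
C2_URL = "https://playerenterprises.org/test/gate.php"
C2_HOST = urlsplit(C2_URL).hostname
C2_PATH = urlsplit(C2_URL).path

# Assumption: the report does not say which IP lookup service was contacted;
# these are common public services an analyst might hunt for.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "api.ip.sb", "icanhazip.com"}


def sha256_hex(data: bytes) -> str:
    """Hex SHA256 of a file's bytes, for comparison with the report's hashes."""
    return hashlib.sha256(data).hexdigest()


def is_known_sample(data: bytes) -> bool:
    return sha256_hex(data) in KNOWN_SHA256


def parse_proxy_line(line: str) -> dict:
    """Constructed log format: '<ts> <client_ip> <method> <url> <status>'."""
    ts, client, method, url, status = line.split()
    u = urlsplit(url)
    return {"ts": ts, "client": client, "method": method,
            "host": u.hostname, "path": u.path, "status": status}


def classify(event: dict):
    """Tag an event as C2 contact, IP lookup, or nothing of interest."""
    if event["host"] == C2_HOST and event["path"] == C2_PATH:
        return "phemedrone_c2"
    if event["host"] in IP_LOOKUP_HOSTS:
        return "ip_lookup"
    return None


def hunt(lines) -> dict:
    """
    Return a verdict per client IP:
      likely_infected  - IP lookup followed by a POST to the C2 gate
      c2_contact       - any request to the C2 gate without that ordering
      ip_lookup_only   - benign-looking lookup with no C2 contact
    """
    hits = {}
    for line in lines:
        ev = parse_proxy_line(line)
        tag = classify(ev)
        if tag:
            hits.setdefault(ev["client"], []).append((ev["ts"], tag, ev["method"]))

    verdicts = {}
    for client, evs in hits.items():
        evs.sort()  # order by timestamp so the sequence check is meaningful
        tags = [t for _, t, _ in evs]
        c2_post = any(t == "phemedrone_c2" and m == "POST" for _, t, m in evs)
        if (c2_post and "ip_lookup" in tags
                and tags.index("ip_lookup") < tags.index("phemedrone_c2")):
            verdicts[client] = "likely_infected"
        elif "phemedrone_c2" in tags:
            verdicts[client] = "c2_contact"
        else:
            verdicts[client] = "ip_lookup_only"
    return verdicts


# Constructed sample proxy log, not taken from the report.
SAMPLE_LOG = [
    "2024-08-19T14:02:11Z 10.0.0.5 GET https://api.ipify.org/?format=text 200",
    "2024-08-19T14:02:13Z 10.0.0.5 POST https://playerenterprises.org/test/gate.php 200",
    "2024-08-19T14:03:00Z 10.0.0.7 GET https://ipinfo.io/json 200",
    "2024-08-19T14:05:40Z 10.0.0.9 GET https://example.com/index.html 200",
]

if __name__ == "__main__":
    for client, verdict in sorted(hunt(SAMPLE_LOG).items()):
        print(client, verdict)
```

The ordering check matters: an IP lookup alone produces false positives on any network, while a POST to the gate path on the extracted domain is a high-confidence match on its own. Adjust `parse_proxy_line` to your proxy's real format before use.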

MITRE ATT&CK Enterprise v15

Tasks