General

  • Target

    aca69429dda5193c740c4c2941528d11a569b0a4c4c90470db3b74715ca0cbd6

  • Size

    40KB

  • Sample

    240819-p9z3baydrj

  • MD5

    db71088960f6f7484688ec0e3392c2d2

  • SHA1

    ecccd8f96cdebf4df0800168ef371a821a9816a6

  • SHA256

    aca69429dda5193c740c4c2941528d11a569b0a4c4c90470db3b74715ca0cbd6

  • SHA512

    37dbee3a8248cac14e7b328e98a809381c09a117a57746737e9a78fbe5e88fd70571a7458526d843457f2acb01f41c5602ca87e84cea1dd11bbf4a2d61db69c4

  • SSDEEP

    768:p0rZcJgw/c/OJqqNHeD8wrlnJzCRcGINM9eaTzqJugheBZ9NcPrLC3g66QHiX:nuhqteD88lnJzCZ3zqJugoBvirhXQCX

Malware Config

Extracted

  • Family

    phemedrone

  • C2

    https://playerenterprises.org/test/gate.php

Targets

    • Target

      9ea494b525c4676e63f943e2d1dba751c377b9138613003c80d14ddfaed6883e

    • Size

      87KB

    • MD5

      86132bb156f6db9cfae5ebfb5288b781

    • SHA1

      004cf454208a56fe544ca39bf18918e56f46eba0

    • SHA256

      9ea494b525c4676e63f943e2d1dba751c377b9138613003c80d14ddfaed6883e

    • SHA512

      18c9effee58649cc3f32e3c0dce0edaf39b8090347e29f78dde582e974be792b03a7a79db000d935119428c2edb913855c761a88fc4bf39ad49bfc1577a78be0

    • SSDEEP

      1536:fpeDVWx+h8No/KeKAEo4ry/7qTCxaA5hAaspNSwEKyC2lsE:fpeDgIwo/KIWW/G+X5masKwEKyC2t

    • Phemedrone

      An information and wallet stealer written in C#.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive profile information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks