phemedrone | 4b0452de8632fa8ff33a3389d54ed830262d078ad70397b4e3e8ca20524b2685

Analysis

max time kernel
139s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-08-2024 12:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nursultan Alpha (prem).exe
Size

122KB
MD5

8ac482e42ec8603a980b59f51e723d11
SHA1

0ecbc9fcfe923d0d5ce2fc3cad6a909f2c86b93f
SHA256

4b0452de8632fa8ff33a3389d54ed830262d078ad70397b4e3e8ca20524b2685
SHA512

d06a717245e41c5b5b24e737420bf0e1838642366d43094eaaa62f44e824fc745bb306177b9f5332171151fcb10d17fd39cd881b3bcdaeda280365b912889a69
SSDEEP

1536:Tj0fkXVzTHtLrw3FfkEvCHKJtfImg0Nqf40ojCm5trtkwTUxm7L61LYMaKmvM4rr:30fkXVzTJrGfnP6xf4+m5ltBTyxA

Score

10^/10

phemedrone stealer

Malware Config

Extracted

Family

phemedrone

https://api.telegram.org/bot7322165665:AAFyOklLwRDgUWXVHyXw6ZlECDoQ6pM7WQ0/sendDocument

Signatures

Phemedrone
An information and wallet stealer written in C#.
stealer phemedrone

C:\Users\Admin\AppData\Local\Temp\Nursultan Alpha (prem).exe
"C:\Users\Admin\AppData\Local\Temp\Nursultan Alpha (prem).exe"
1⤵
PID:3240

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\AdobeSFX.log

Filesize
1KB

MD5
4bb39634e2ceffda9914f7307e96b5b2

SHA1
2c27fa649a2ae840373c456302de9175695cfa85

SHA256
facaa1c1fa637335ea5f09ed90371b432bb8fbda08755a4b1799315db13bc271

SHA512
607a29c17811e1faa90ff9f4f9ca0e9b655301bcc4071a7974ce10ab775e5f870ae91f585d95a038de496ed5bd90bb235640afce4e859caa543207cd880f1618

Download Submit
C:\Users\Admin\AppData\Local\Temp\JavaDeployReg.log

Filesize
13KB

MD5
ffee678853c71aa60c3af22cabd136e2

SHA1
e215bdb3e9e41392ed535aa3a5cb3a90eb5ad6ea

SHA256
31838b07879db4e25e77221d47ced95995b5c2979205ab44e9070224a407a053

SHA512
def340d04d553580c1e1cdb95593c3b4131eab555eea32cb8d8ab6cf97b14200be10b5e92f29836e5cafa67f90aaccb85dec4a930b8ee1b944b2614845f44af4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20240802_123619520.html

Filesize
93KB

MD5
d1a06ca9e21a8b456cce51c8dff75e14

SHA1
f24aafe2ad51c2cbdd675a2975e9bb8e99c26ae9

SHA256
4a0a93442daa326b1f8af136d25375888fbc4e4ee61e789526f4de4eace348cd

SHA512
f1f05f25cbd705eab96e367b2be070b85e8900cf5a3ad4f11b486599679b6a92a3b361f38c544694e5ecb2f8067034fb1a314328c804438dbcffcd225119d461

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCD9B31.tmp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\aria-debug-4644.log

Filesize
470B

MD5
b92c13e1acb75bfbb1660e8f2a6a5624

SHA1
d1f5dcbf280422b0a265b3383f4a122dfccbaed2

SHA256
1016f72ca0458bcba202ab77f17d0e705c2ee20d99b8517d78fa9cd6a5b10c5d

SHA512
a76bfe0446fca2ea4ce75ec2ef53db5dee531d2b5401be481a129845bfb20ec4543662b1e026f897cafb839f427c992bce990d6cdd023bd3781aa82b85f45320

Download Submit
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

Filesize
6KB

MD5
2ce02951260bcbad8c6d61fae90c06ed

SHA1
7916fc45a0df14cd00aebf1d1ba8b7332a4b80eb

SHA256
357a6f92d0bf65c88a09fc768b1945b45fc7631eaf6f2b3de36f4a07dfc2b4b9

SHA512
fe7c27d060c8af6fa148eabecc1704ce026d199327776ce3e2d06f9c6e2ea9edbec509994281736d27b45a2809a41ba46a0a291a3b974fa9e531732378be0ac5

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt

Filesize
1KB

MD5
28add958d478808a90afd36b955e98a5

SHA1
876ff08c351139761d2fa04850e29db8e23bb5b1

SHA256
0ca403bdf313583f20fc3c472cb2fa53f4465a180ab367e8666f982a7588938f

SHA512
06210878d165ded0879e05befa9b21e1f9aaf64b35002fc141f174d099359f1003ac249bef1a823d4bad63e57357a77ee0e955285f456fdf827b55d53fab6f19

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI2B76.txt

Filesize
428KB

MD5
6d14f35b663cbc25b5e0760f4542cf59

SHA1
57cb16ad1f56b812f67912dd6ea50bd9e2802d48

SHA256
0a8aa7116ba53478098f1dedffb0f3ef6ae670981898d541fa7f10b8a2174655

SHA512
6dae135b663b145bde75f316948b2773d6a2145755ceb0ec0e5073b45d8f13487a86fb28b2c771a7fc1dc34b0a82233c36c7dd5924b40dc322d079b53f0856ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI2B93.txt

Filesize
415KB

MD5
30d31e4269c0dd408742f8163e8f3359

SHA1
b785be375497f34147f3d641e0291dd05920097d

SHA256
2a5de535bbf4443df4bdaaf6b36c763e72f479c2f05fe3ca56291856e6f7c9d1

SHA512
52bab7ea25e3c2063da91cfbff1cc13c462ef6124b1ef454d139b1235b6d08b4e30320c0ac07af3fe2f159657458eff4c08a344c5b098772e3d7a97339d75af4

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI2B76.txt

Filesize
11KB

MD5
3563d4caca06a5f2f66eef9d1937a9f5

SHA1
03d9c0e70847dd31bfa8c26ffb6a4a7d64584ba1

SHA256
eb14930f6f2ad9af3cfae1d332796072776e6c0225b2f8c9471b860f4438d637

SHA512
8a7d5d45ed921616735ea24bbf0093205cae266c8484ad009f6a4e9f66b2a4164d526e4eaae3dab9b8b40ab126fb7482a56bf840599385669e8842db146a9b95

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI2B93.txt

Filesize
11KB

MD5
8fec7628b4f2bff9507cfe4dcd7c7719

SHA1
503ff5c537499120ea31287a31b07e0945c97f44

SHA256
2965791707ab97369009d85f6fca0a30fde2da235b922e3211ff63f765ff73c8

SHA512
22a296d1e865ce251562700c2515f440eac2d214e35d4d13d6368524ca05916196955c9a21bb66c13a639932091b33cabee821a48e112c5cd6efae3510fe5f02

Download Submit
C:\Users\Admin\AppData\Local\Temp\jawshtml.html

Filesize
13B

MD5
b2a4bc176e9f29b0c439ef9a53a62a1a

SHA1
1ae520cbbf7e14af867232784194366b3d1c3f34

SHA256
7b4f72a40bd21934680f085afe8a30bf85acff1a8365af43102025c4ccf52b73

SHA512
e04b85d8d45d43479abbbe34f57265b64d1d325753ec3d2ecadb5f83fa5822b1d999b39571801ca39fa32e4a0a7caab073ccd003007e5b86dac7b1c892a5de3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
163KB

MD5
ac5b6bc0a689a90b539c90774060c120

SHA1
50b4e1915ae21747d0a9ed3e8e11e1f524cdfe5f

SHA256
c2dfbb17adcb69f924fe90672256e0a7589f46eb0a668b840a3e8229457c1f35

SHA512
c34fcc1c1a9df21bfee054ef32e4d31652aa52eba3d5b1d60f68b2f3bd213fa24141d6aa1227ee64274595329ddf3c67895afe7ea7125c9eedc140e4d740853d

Download Submit
memory/3240-0-0x00007FFD67A63000-0x00007FFD67A65000-memory.dmp

Filesize
8KB

Download
memory/3240-1-0x0000000000490000-0x00000000004B4000-memory.dmp

Filesize
144KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads