General

  • Target

    465ebfbf2665eece0ef091d113b07a88de4bcd925cfbc9a4d08b939523a6c9a6

  • Size

    122KB

  • Sample

    240908-z9yjlawcrl

  • MD5

    c53d2c231de7b11b3cea7893515db84f

  • SHA1

    e5c0ebc4a880d9d7cac3d0debad73f7ae61a4b7a

  • SHA256

    465ebfbf2665eece0ef091d113b07a88de4bcd925cfbc9a4d08b939523a6c9a6

  • SHA512

    7841578209494a006bfb11007f0378ad9f40c4f2ec1722aea42509e868d956e41e3644c9aad41fb791c7f9cf0a71672f39ebd1185ba191c099b6bec4f84f1e63

  • SSDEEP

    3072:64Mr4PdDXmKn1A4iZIjHs1dRH95OwPTGUr:RmB4iT1dlRrGU

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot7128957694:AAHNZekiFKhu87NdduDZHCOVdeFFAHP17CM/sendDocument

Targets

    • Target

      465ebfbf2665eece0ef091d113b07a88de4bcd925cfbc9a4d08b939523a6c9a6

    • Size

      122KB

    • MD5

      c53d2c231de7b11b3cea7893515db84f

    • SHA1

      e5c0ebc4a880d9d7cac3d0debad73f7ae61a4b7a

    • SHA256

      465ebfbf2665eece0ef091d113b07a88de4bcd925cfbc9a4d08b939523a6c9a6

    • SHA512

      7841578209494a006bfb11007f0378ad9f40c4f2ec1722aea42509e868d956e41e3644c9aad41fb791c7f9cf0a71672f39ebd1185ba191c099b6bec4f84f1e63

    • SSDEEP

      3072:64Mr4PdDXmKn1A4iZIjHs1dRH95OwPTGUr:RmB4iT1dlRrGU

    • Phemedrone

      An information and wallet stealer written in C#.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

MITRE ATT&CK Enterprise v15

Tasks