General

  • Target

    daun.exe

  • Size

    557KB

  • Sample

    240912-x4dk5azhkb

  • MD5

    b748b605cf8d9e3103701202143aa092

  • SHA1

    e49095644bb43f9c5ac524b5519e00526794b102

  • SHA256

    d663c78c257545297181ac761995c3b86ef3df23a267ae43a69c5b7788e927d5

  • SHA512

    6b7b28619c91913b7c9cc184678d1e208867a0a0acd20bcc5a99194f6bafbb9fdeedeaac39563cecd938f930214774b426a6603c35d459de4b354e0f201b866c

  • SSDEEP

    12288:qQBI/5nXN+xaet5bgH3bC6eXLTidCeE9MGyldojOO/YP973qSarS2yWvdXglczGH:qQBI/5nXiaGbgXbC68

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot7324318844:AAG9Yvtou9WcrzMj25CcTjoC8Eu_d5OZKZ0/sendDocument

Targets

    • Target

      daun.exe

    • Phemedrone

      An information and wallet stealer written in C#.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks