General

  • Target

    Gejebah.exe

  • Size

    121KB

  • Sample

    240914-eshrlawhme

  • MD5

    549ac3689f3b175a32c5c1d306cb55cc

  • SHA1

    7b1e7fa118b45e23f27b5e3cf4bde1437f943a29

  • SHA256

    3421c25759264c1896eea4a2ddb855559f3a1db8b8103511ea2ac2ffca7bf32d

  • SHA512

    41712806bf94b9260dcd31f5052a2296b35589f02b69abce5484c10a66f7ca76a3db874aa5600fb193121b0d74ab3d1cd4ebd4633d5d94d2fef8610bd73547a1

  • SSDEEP

    1536:/9DJ8Skf2ZIohErCHKiJmO/wskUoss/ojbFA5RRUeXJl3y3XhPSfth9isj2mQH:FDJ8SfZIos0/KZWFA5z97Mf

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot6766891578:AAE47sIyviQ0_skRFQtvxeYcndg1C8RFyo4/sendDocument

Targets

    • Target

      Gejebah.exe

    • Size

      121KB

    • MD5

      549ac3689f3b175a32c5c1d306cb55cc

    • SHA1

      7b1e7fa118b45e23f27b5e3cf4bde1437f943a29

    • SHA256

      3421c25759264c1896eea4a2ddb855559f3a1db8b8103511ea2ac2ffca7bf32d

    • SHA512

      41712806bf94b9260dcd31f5052a2296b35589f02b69abce5484c10a66f7ca76a3db874aa5600fb193121b0d74ab3d1cd4ebd4633d5d94d2fef8610bd73547a1

    • SSDEEP

      1536:/9DJ8Skf2ZIohErCHKiJmO/wskUoss/ojbFA5RRUeXJl3y3XhPSfth9isj2mQH:FDJ8SfZIos0/KZWFA5z97Mf

    • Phemedrone

      An information and wallet stealer written in C#.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

MITRE ATT&CK Enterprise v15

Tasks