General

  • Target

    Gejebah.exe

  • Size

    121KB

  • Sample

    240914-eshrlawhme

  • MD5

    549ac3689f3b175a32c5c1d306cb55cc

  • SHA1

    7b1e7fa118b45e23f27b5e3cf4bde1437f943a29

  • SHA256

    3421c25759264c1896eea4a2ddb855559f3a1db8b8103511ea2ac2ffca7bf32d

  • SHA512

    41712806bf94b9260dcd31f5052a2296b35589f02b69abce5484c10a66f7ca76a3db874aa5600fb193121b0d74ab3d1cd4ebd4633d5d94d2fef8610bd73547a1

  • SSDEEP

    1536:/9DJ8Skf2ZIohErCHKiJmO/wskUoss/ojbFA5RRUeXJl3y3XhPSfth9isj2mQH:FDJ8SfZIos0/KZWFA5z97Mf

Malware Config

Extracted

  • Family

    phemedrone

  • C2

    https://api.telegram.org/bot6766891578:AAE47sIyviQ0_skRFQtvxeYcndg1C8RFyo4/sendDocument

    The C2 is the Telegram Bot API, not attacker-hosted infrastructure: the string after `bot` is the operator's bot token, and `sendDocument` is the method used to upload stolen files. Exfiltration therefore blends in as ordinary HTTPS traffic to api.telegram.org, so blocking on IP or domain reputation alone will not catch it; the token itself is the usable indicator.
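The following is an added example, not part of the sandbox report, showing how a defender would turn the extracted C2 into a detection: it parses the Telegram Bot API URL shape (`/bot<bot_id>:<secret>/<method>`) and then scans proxy log lines for upload calls to any bot, marking hits whose bot ID matches the extracted C2. The log lines and field layout are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# The extracted Phemedrone C2 from this report.
C2_URL = ("https://api.telegram.org/bot6766891578:"
          "AAE47sIyviQ0_skRFQtvxeYcndg1C8RFyo4/sendDocument")

# Telegram Bot API path shape: /bot<numeric bot id>:<secret>/<method>
BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)$"
)

# Bot API methods a stealer uses to push data out to the operator's chat.
EXFIL_METHODS = {"sendDocument", "sendPhoto", "sendMessage"}


def parse_bot_c2(url):
    """Return (bot_id, secret, method) if url is a Telegram Bot API call, else None."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH.match(parts.path)
    if not m:
        return None
    return m.group("bot_id"), m.group("secret"), m.group("method")


# Constructed proxy log (not from the report): "timestamp client verb url status".
PROXY_LOG = """\
2024-09-14T10:01:02Z 10.0.0.23 GET https://api.telegram.org/bot6766891578:AAE47sIyviQ0_skRFQtvxeYcndg1C8RFyo4/getMe 200
2024-09-14T10:01:05Z 10.0.0.23 POST https://api.telegram.org/bot6766891578:AAE47sIyviQ0_skRFQtvxeYcndg1C8RFyo4/sendDocument 200
2024-09-14T10:02:11Z 10.0.0.57 GET https://telegram.org/ 200
2024-09-14T10:03:40Z 10.0.0.88 POST https://api.telegram.org/bot1234567890:AAFakeTokenForTestingOnlyxxxxxxxxxxxxx/sendDocument 200
2024-09-14T10:04:00Z 10.0.0.23 GET https://www.example.com/ 200
"""


def find_bot_exfil(log_text, known_c2=None):
    """Flag Bot API upload calls in proxy logs.

    Any bot token seen in an upload method is suspicious on a corporate network;
    a bot_id matching the extracted C2 ties the host to this specific campaign.
    """
    known = parse_bot_c2(known_c2) if known_c2 else None
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        ts, client, _verb, url = fields[:4]
        parsed = parse_bot_c2(url)
        if parsed is None:
            continue
        bot_id, _secret, method = parsed
        if method not in EXFIL_METHODS:
            continue
        hits.append({
            "ts": ts,
            "client": client,
            "bot_id": bot_id,
            "method": method,
            "known_c2": known is not None and bot_id == known[0],
        })
    return hits


if __name__ == "__main__":
    for hit in find_bot_exfil(PROXY_LOG, C2_URL):
        tag = "KNOWN C2" if hit["known_c2"] else "unknown bot"
        print(f'{hit["ts"]} {hit["client"]} -> bot {hit["bot_id"]} {hit["method"]} [{tag}]')
```

Matching on the numeric bot ID rather than the full token is deliberate: the operator can rotate the secret, but the ID identifies the same bot account, and the regex also surfaces uploads to bots that are not yet on any indicator list.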

Targets

    • Phemedrone

      An information and wallet stealer written in C#.

    • Credentials from Password Stores: Credentials from Web Browsers

      Accesses or copies a web browser's credential store.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla, which hold saved server logins.

    • Reads user/profile data of web browsers

      Infostealers commonly target data stored in the browser profile, which can include saved credentials.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from files that are not otherwise protected.

Behaviour names above are mapped against MITRE ATT&CK Enterprise v15.
