General

  • Target

    https://github.com/Dvdf45tyv5y/help/raw/main/name.rar

  • Sample

    240917-qq9cbawajn

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot7370990677:AAFRG5SGghnaK_mDZqGyrOAkScygRIFkkzQ/sendDocument

Targets

    • Target

      https://github.com/Dvdf45tyv5y/help/raw/main/name.rar

    • Phemedrone

      An information and wallet stealer written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks