Behavioral task
behavioral1
Sample
83937f232fb4ed220ffe996f17016132d39d5d1b15cf039338871a641439d33eN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
83937f232fb4ed220ffe996f17016132d39d5d1b15cf039338871a641439d33eN.exe
Resource
win10v2004-20240802-en
General
-
Target
83937f232fb4ed220ffe996f17016132d39d5d1b15cf039338871a641439d33eN
-
Size
138KB
-
MD5
19b81d33f51a88184418ea44457a9d60
-
SHA1
c60d106c7fe0441510933c4885e4d9f514463f00
-
SHA256
83937f232fb4ed220ffe996f17016132d39d5d1b15cf039338871a641439d33e
-
SHA512
0f08345084a8a01f6e3d913683fd60ed8c7c4698b2cc43fc836650b16813f0b851241ebbebdf0e955f71701b9f84633f46d12e178e8dea82021e8821afaa71fb
-
SSDEEP
3072:R28SrpYJw+qQdgM3/Q8Ey5ERYKUVsgVWvgpx:n1mQdf3/Q5GKUVpV
Malware Config
Extracted
phemedrone
https://api.telegram.org/bot7416805555:AAH0Tesujlq6rLfW6UQv3aidMS7QEFHsZJU/sendDocument
Signatures
-
Phemedrone family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 83937f232fb4ed220ffe996f17016132d39d5d1b15cf039338871a641439d33eN
Files
-
83937f232fb4ed220ffe996f17016132d39d5d1b15cf039338871a641439d33eN.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 136KB - Virtual size: 135KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ