Analysis
-
max time kernel
140s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
18-10-2024 00:20
Behavioral task
behavioral1
Sample
8415f13b0232d073f4aa9e345407260998e5b7b10b4800fc34d064d77dd140f3.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
8415f13b0232d073f4aa9e345407260998e5b7b10b4800fc34d064d77dd140f3.exe
Resource
win10v2004-20241007-en
General
-
Target
8415f13b0232d073f4aa9e345407260998e5b7b10b4800fc34d064d77dd140f3.exe
-
Size
121KB
-
MD5
76ef38ee937aa1ef2df23df19508d581
-
SHA1
00de8455bf072874c351883522269c0bfbe973cc
-
SHA256
8415f13b0232d073f4aa9e345407260998e5b7b10b4800fc34d064d77dd140f3
-
SHA512
cfbf32c631a472f1200cf7d6add44266e4ae17b7c55b2a0d1b15f72b193d9b20ad101782c603c4b24893c0564a30ab1c8c14c4cf77ee3a45e9fc8833d9850400
-
SSDEEP
1536:/9oJ8Skf2ZIohErCHKiJxSn8PmJPYEW9FS+jfi5q7kIu6Zz1/KQBqHLgKccn4npX:FoJ8SfZIos03S8eJG9Fc5+r7uLghx
Malware Config
Extracted
phemedrone
https://api.telegram.org/bot7497338331:AAEJGEIPkQdHc_37msPzyi9qbnEG1SgWnyg/sendDocument
Signatures
-
Phemedrone
An information and wallet stealer written in C#.
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1608 8415f13b0232d073f4aa9e345407260998e5b7b10b4800fc34d064d77dd140f3.exe