Analysis
  max time kernel:  121s
  max time network: 122s
  platform:         windows7_x64
  resource:         win7-20240903-en
  resource tags:    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  submitted:        21-10-2024 16:33
Behavioral task: behavioral1
  Sample:   tmpg45mr2xx.exe
  Resource: win7-20240903-en (windows7-x64)
  2 signatures, 150 seconds

Behavioral task: behavioral2
  Sample:   tmpg45mr2xx.exe
  Resource: win10v2004-20241007-en (windows10-2004-x64)
  6 signatures, 150 seconds
General
  Target: tmpg45mr2xx.exe
  Size:   137KB
  MD5:    e27b299c37caf241ff547c4845efb6d6
  SHA1:   a5b62b4536da6262e18315a44ca5ff7be4dd658f
  SHA256: 7a2e81375e856c2407907599f401b4a5ec43322bc8e5a4847c43a97f4b91af3f
  SHA512: 962f94f887b7d6fa95402bc9ef2fbea68deed0a76871e461176e03ad88d07ded383f244095318aa2499543703654825029299b403a16469c1ad635a143d10fcb
  SSDEEP: 1536:qQfUyJkgcYU/BFI6d75KunrlsCK2Wu01Dy5s5b3x07XSI7UKCWaDCoL3T4NODbio:qQ849/Ud75FnZtCDyK5Tm7iIFCzPi0F

Score: 10/10
Malware Config (extracted)
  Family: phemedrone
  C2:     https://api.telegram.org/bot7580542331:AAGHf6T43IrCaf5fPcI73jO_S0Bs8H-8Nig/sendDocument
Signatures
- Phemedrone
  An information and wallet stealer written in C#.
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process          procid_target
  PID 1600 wrote to memory of 2092   1600  tmpg45mr2xx.exe  30
  PID 1600 wrote to memory of 2092   1600  tmpg45mr2xx.exe  30
  PID 1600 wrote to memory of 2092   1600  tmpg45mr2xx.exe  30