phemedrone | 7a2e81375e856c2407907599f401b4a5ec43322bc8e5a4847c43a97f4b91af3f | Triage

Sharing

General

Target

tmpg45mr2xx
Size

137KB
Sample

241021-tw7bpa1brl
MD5

e27b299c37caf241ff547c4845efb6d6
SHA1

a5b62b4536da6262e18315a44ca5ff7be4dd658f
SHA256

7a2e81375e856c2407907599f401b4a5ec43322bc8e5a4847c43a97f4b91af3f
SHA512

962f94f887b7d6fa95402bc9ef2fbea68deed0a76871e461176e03ad88d07ded383f244095318aa2499543703654825029299b403a16469c1ad635a143d10fcb
SSDEEP

1536:qQfUyJkgcYU/BFI6d75KunrlsCK2Wu01Dy5s5b3x07XSI7UKCWaDCoL3T4NODbio:qQ849/Ud75FnZtCDyK5Tm7iIFCzPi0F

Score

10^/10

phemedrone credential_access spyware stealer

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot7580542331:AAGHf6T43IrCaf5fPcI73jO_S0Bs8H-8Nig/sendDocument

Targets

- Target
  
  tmpg45mr2xx
- Size
  
  137KB
- MD5
  
  e27b299c37caf241ff547c4845efb6d6
- SHA1
  
  a5b62b4536da6262e18315a44ca5ff7be4dd658f
- SHA256
  
  7a2e81375e856c2407907599f401b4a5ec43322bc8e5a4847c43a97f4b91af3f
- SHA512
  
  962f94f887b7d6fa95402bc9ef2fbea68deed0a76871e461176e03ad88d07ded383f244095318aa2499543703654825029299b403a16469c1ad635a143d10fcb
- SSDEEP
  
  1536:qQfUyJkgcYU/BFI6d75KunrlsCK2Wu01Dy5s5b3x07XSI7UKCWaDCoL3T4NODbio:qQ849/Ud75FnZtCDyK5Tm7iIFCzPi0F
Score

10^/10

phemedrone stealer credential_access spyware
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phemedronestealer

behavioral2

phemedronecredential_accessspywarestealer