phemedrone | 607d41c88298d5fdd3624d6ba7a7ae36f7cd90b20bc03390977740fed8b4065d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

607d41c882...5d.exe

windows7-x64

607d41c882...5d.exe

windows10-2004-x64

Sharing

General

Target

607d41c88298d5fdd3624d6ba7a7ae36f7cd90b20bc03390977740fed8b4065d
Size

246KB
Sample

241103-3nwpnazqaq
MD5

e082366c147031e7aaf6ca47a0110ad3
SHA1

51223ecf048edf1627f0f182e923922ff19bbb28
SHA256

607d41c88298d5fdd3624d6ba7a7ae36f7cd90b20bc03390977740fed8b4065d
SHA512

cd91e9852e886451245855ccbc370c6b81cddb6461277f325fabedf0b8fa7d473e582094b66be099266942e9baa18c908a7c6d0db80128dd946a56be0e70ac7f
SSDEEP

3072:zlgkNWf0LIQz3IWFEisl7oAS5WVgK56NMPspkpIl5JNnET:BSf6XzDei8UAbZIEsyQ9

Score

10^/10

phemedrone credential_access spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

607d41c88298d5fdd3624d6ba7a7ae36f7cd90b20bc03390977740fed8b4065d.exe

Resource

win7-20240903-en

phemedrone credential_access spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

607d41c88298d5fdd3624d6ba7a7ae36f7cd90b20bc03390977740fed8b4065d.exe

Resource

win10v2004-20241007-en

phemedrone credential_access spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot8091768794:AAFZsJ1h-6BiszgyLm-eH6c-uITQ7Z99Wbc/sendDocument

Targets

- Target
  
  607d41c88298d5fdd3624d6ba7a7ae36f7cd90b20bc03390977740fed8b4065d
- Size
  
  246KB
- MD5
  
  e082366c147031e7aaf6ca47a0110ad3
- SHA1
  
  51223ecf048edf1627f0f182e923922ff19bbb28
- SHA256
  
  607d41c88298d5fdd3624d6ba7a7ae36f7cd90b20bc03390977740fed8b4065d
- SHA512
  
  cd91e9852e886451245855ccbc370c6b81cddb6461277f325fabedf0b8fa7d473e582094b66be099266942e9baa18c908a7c6d0db80128dd946a56be0e70ac7f
- SSDEEP
  
  3072:zlgkNWf0LIQz3IWFEisl7oAS5WVgK56NMPspkpIl5JNnET:BSf6XzDei8UAbZIEsyQ9
Score

10^/10

phemedrone credential_access spyware stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Phemedrone family
  phemedrone
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phemedronecredential_accessspywarestealer

behavioral2

phemedronecredential_accessspywarestealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.