phemedrone | 86e8265d6b499bae9046d4530e26fe0565f8b58f3b8269064ffe6a908018b354 | Triage

Sharing

General

Target

86e8265d6b499bae9046d4530e26fe0565f8b58f3b8269064ffe6a908018b354.exe
Size

14.2MB
Sample

241104-kg2cfsyapm
MD5

c5d36c7404a03ec6df8024737d97a0c8
SHA1

9a213e487337376c38e0cfdac240dc6ffb5fdc1e
SHA256

86e8265d6b499bae9046d4530e26fe0565f8b58f3b8269064ffe6a908018b354
SHA512

812a21f479c56716d892df32a1f910b41310f74de13641d93654a0a722705fb90e114081f2af2ef8c4717febb05715183c0d6deb36bb135f819553c9a9e49216
SSDEEP

196608:MUehdkSzJ4bvuLE5rUSW9rWWsPbWIBMWRlHbLVb4zH:M94x5r1CrWWsTWIfN8

Score

10^/10

phemedrone execution stealer

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot8091768794:AAFZsJ1h-6BiszgyLm-eH6c-uITQ7Z99Wbc/sendDocument

Targets

- Target
  
  86e8265d6b499bae9046d4530e26fe0565f8b58f3b8269064ffe6a908018b354.exe
- Size
  
  14.2MB
- MD5
  
  c5d36c7404a03ec6df8024737d97a0c8
- SHA1
  
  9a213e487337376c38e0cfdac240dc6ffb5fdc1e
- SHA256
  
  86e8265d6b499bae9046d4530e26fe0565f8b58f3b8269064ffe6a908018b354
- SHA512
  
  812a21f479c56716d892df32a1f910b41310f74de13641d93654a0a722705fb90e114081f2af2ef8c4717febb05715183c0d6deb36bb135f819553c9a9e49216
- SSDEEP
  
  196608:MUehdkSzJ4bvuLE5rUSW9rWWsPbWIBMWRlHbLVb4zH:M94x5r1CrWWsTWIfN8
Score

10^/10

execution phemedrone stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Phemedrone family
  phemedrone
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

phemedroneexecutionstealer