Extracted

• • Target

    a1889a999e50a8b09a9f16c2b7e3fb6982e874eeda69a99172979912836296ce.exe

  • Size

    7.7MB

  • MD5

    83ec5ff1280377d70ff933a83977c570

  • SHA1

    24ec90ad79d43990046aaf963ed5b2eac32fb319

  • SHA256

    a1889a999e50a8b09a9f16c2b7e3fb6982e874eeda69a99172979912836296ce

  • SHA512

    b91f7aca28bc891f22229205db83d371fdebfb931d32c0ac5317dbde78430182a053e6d24949060a1af8abac777d6c797f846f676c23c1a07c0a0a3369f71bc6

  • SSDEEP

    196608:y0oV/SY8XMCHGLLc54i1wN+lPIcu9KYK39s7kX3PPJNMRRccx:oYXMCHWUjqcuIWq/PJNe

  Score

  10^/10

  phemedronecredential_accessexecutionspywarestealer

  • Phemedrone

    An information and wallet stealer written in C#.

    stealerphemedrone

  • Phemedrone family

    phemedrone

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Powershell Invoke Web Request.

    execution

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer
  behavioral1behavioral2