phemedrone | f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b | Triage

Sharing

General

Target

f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe
Size

7.7MB
Sample

241104-khk2vszrar
MD5

2ad6238fb312c024dab72c65e8234dde
SHA1

a6bfe260d02b830ae8706149311a0aa01280ce36
SHA256

f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b
SHA512

ea3be49f79441201515a4379a20c9c7c553fbd76fea584e2c154e40e65cdb7563577a71ef17c5f14f993853b69747d23faf6634a3ee3086587346f02de53e69b
SSDEEP

196608:xmV/SY8XMCHGLLc54i1wN+lPIcu9KYK39s7kX3PPJNMRRccx:SYXMCHWUjqcuIWq/PJNe

Score

10^/10

phemedrone execution pyinstaller stealer

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot8091768794:AAFZsJ1h-6BiszgyLm-eH6c-uITQ7Z99Wbc/sendDocument

Targets

- Target
  
  f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe
- Size
  
  7.7MB
- MD5
  
  2ad6238fb312c024dab72c65e8234dde
- SHA1
  
  a6bfe260d02b830ae8706149311a0aa01280ce36
- SHA256
  
  f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b
- SHA512
  
  ea3be49f79441201515a4379a20c9c7c553fbd76fea584e2c154e40e65cdb7563577a71ef17c5f14f993853b69747d23faf6634a3ee3086587346f02de53e69b
- SSDEEP
  
  196608:xmV/SY8XMCHGLLc54i1wN+lPIcu9KYK39s7kX3PPJNMRRccx:SYXMCHWUjqcuIWq/PJNe
Score

10^/10

phemedrone execution stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Phemedrone family
  phemedrone
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

phemedroneexecutionstealer