General

Target: f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe
Size: 7.7MB
Sample: 241104-khk2vszrar
MD5: 2ad6238fb312c024dab72c65e8234dde
SHA1: a6bfe260d02b830ae8706149311a0aa01280ce36
SHA256: f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b
SHA512: ea3be49f79441201515a4379a20c9c7c553fbd76fea584e2c154e40e65cdb7563577a71ef17c5f14f993853b69747d23faf6634a3ee3086587346f02de53e69b
SSDEEP: 196608:xmV/SY8XMCHGLLc54i1wN+lPIcu9KYK39s7kX3PPJNMRRccx:SYXMCHWUjqcuIWq/PJNe
Behavioral tasks

behavioral1
Sample: f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe
Resource: win7-20240903-en

behavioral2
Sample: f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: phemedrone
C2: https://api.telegram.org/bot8091768794:AAFZsJ1h-6BiszgyLm-eH6c-uITQ7Z99Wbc/sendDocument
Targets

Target: f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe (7.7MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10

Signatures
- Phemedrone family
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
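The extracted config and the signatures above describe this sample's exfiltration path: a dropped process posting files to the Telegram Bot API with sendDocument. The script below is an added detection example written for this page; it is not part of the sandbox report or of any tool it mentions. It parses constructed proxy/EDR-style log lines (timestamp, process, PID, HTTP verb, URL), alerts on Bot API upload methods from processes that are not on an assumed allowlist, and flags hits against the bot ID extracted from this sample. The log lines, the log format, the `ALLOWED_BOT_PROCESSES` entry, `update.exe` and the second bot token are all made up for the example; the only real indicator is the C2 URL from the report, used as a string and never contacted.

```python
"""Added detection example for Telegram Bot API exfiltration (not from the report).

Log lines and the allowlist below are constructed for the example; EXTRACTED_C2
is the C2 URL the sandbox pulled from this sample's config, used only as a string.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple
from urllib.parse import urlsplit

# C2 extracted from the sample (string only; this script never contacts it).
EXTRACTED_C2 = ("https://api.telegram.org/bot8091768794:"
                "AAFZsJ1h-6BiszgyLm-eH6c-uITQ7Z99Wbc/sendDocument")

# Bot API paths look like /bot<numeric id>:<secret>/<method>. The secret is
# matched loosely (30+ token characters) so a slightly different length still hits.
BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[\w-]{30,})/(?P<method>\w+)$")

# Methods that push data out of the host. getUpdates/getMe are polling and
# lookup calls, not exfiltration, and are deliberately left out.
EXFIL_METHODS = {"sendDocument", "sendMessage", "sendPhoto", "sendVideo", "sendAudio"}

# Assumption: processes this environment legitimately expects to use the Bot API.
ALLOWED_BOT_PROCESSES = {"monitoring-bot.exe"}


@dataclass(frozen=True)
class Alert:
    process: str
    pid: int
    bot_id: str
    secret_prefix: str   # first 4 chars only; the full token is a credential
    method: str
    known_c2: bool       # bot ID matches the one extracted from this sample


def parse_bot_url(url: str) -> Optional[Tuple[str, str, str]]:
    """Return (bot_id, secret, method) for a Telegram Bot API URL, else None."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(parts.path)
    if m is None:
        return None
    return m.group("bot_id"), m.group("secret"), m.group("method")


# Bot IDs already tied to this sample; extend from other reports as needed.
KNOWN_BOT_IDS = {parse_bot_url(EXTRACTED_C2)[0]}


def analyze(log_lines: Iterable[str]) -> List[Alert]:
    """Scan '<ts> <process> <pid> <verb> <url>' lines and return alerts."""
    alerts = []
    for line in log_lines:
        fields = line.split(maxsplit=4)
        if len(fields) != 5 or not fields[2].isdigit():
            continue  # malformed line; a real pipeline would count these
        _ts, process, pid, _verb, url = fields
        parsed = parse_bot_url(url)
        if parsed is None:
            continue
        bot_id, secret, method = parsed
        if method not in EXFIL_METHODS:
            continue
        if process.lower() in ALLOWED_BOT_PROCESSES:
            continue
        alerts.append(Alert(process, int(pid), bot_id, secret[:4],
                            method, bot_id in KNOWN_BOT_IDS))
    return alerts


# Constructed log lines, not from the sandbox run. The first mimics the
# dropped stealer posting a document to the extracted C2; FAKE_TOKEN is invented.
FAKE_TOKEN = "1234567890:ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghi"
SAMPLE_LOG = [
    "2024-11-04T10:32:11Z f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe"
    f" 4120 POST {EXTRACTED_C2}",
    f"2024-11-04T10:32:13Z monitoring-bot.exe 2210 POST https://api.telegram.org/bot{FAKE_TOKEN}/sendMessage",
    f"2024-11-04T10:32:15Z chrome.exe 3300 GET https://api.telegram.org/bot{FAKE_TOKEN}/getUpdates",
    "2024-11-04T10:32:17Z explorer.exe 1544 GET https://example.com/update.json",
    f"2024-11-04T10:32:19Z update.exe 812 POST https://api.telegram.org/bot{FAKE_TOKEN}/sendPhoto",
]


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        tag = "KNOWN-C2" if a.known_c2 else "unknown-bot"
        print(f"{tag}: {a.process} (pid {a.pid}) -> bot {a.bot_id} "
              f"({a.secret_prefix}...) via {a.method}")
```

The bot token, not the hostname, is the actionable indicator here: api.telegram.org carries legitimate bot traffic, so blocking it outright causes collateral damage, and the host alone does not distinguish a stealer from a monitoring bot. Treat the token as a credential (record the bot ID and a short prefix in tickets, never the full secret), and key any allowlist on process identity such as path or signer rather than on file name alone, since a stealer can pick any name.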