General

  • Target

    f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe

  • Size

    7.7MB

  • Sample

    241104-khk2vszrar

  • MD5

    2ad6238fb312c024dab72c65e8234dde

  • SHA1

    a6bfe260d02b830ae8706149311a0aa01280ce36

  • SHA256

    f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b

  • SHA512

    ea3be49f79441201515a4379a20c9c7c553fbd76fea584e2c154e40e65cdb7563577a71ef17c5f14f993853b69747d23faf6634a3ee3086587346f02de53e69b

  • SSDEEP

    196608:xmV/SY8XMCHGLLc54i1wN+lPIcu9KYK39s7kX3PPJNMRRccx:SYXMCHWUjqcuIWq/PJNe

Malware Config

Extracted

  • Family

    phemedrone

  • C2

    https://api.telegram.org/bot8091768794:AAFZsJ1h-6BiszgyLm-eH6c-uITQ7Z99Wbc/sendDocument

Targets

    • Target

      f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe

    • Size

      7.7MB

    • MD5

      2ad6238fb312c024dab72c65e8234dde

    • SHA1

      a6bfe260d02b830ae8706149311a0aa01280ce36

    • SHA256

      f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b

    • SHA512

      ea3be49f79441201515a4379a20c9c7c553fbd76fea584e2c154e40e65cdb7563577a71ef17c5f14f993853b69747d23faf6634a3ee3086587346f02de53e69b

    • SSDEEP

      196608:xmV/SY8XMCHGLLc54i1wN+lPIcu9KYK39s7kX3PPJNMRRccx:SYXMCHWUjqcuIWq/PJNe

    • Phemedrone

      An information and wallet stealer written in C#.

    • Phemedrone family

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks