General
-
Target
73dac4bb47f3d767633827448b03abf12c5e2561180db45204ee1ca800ebb212
-
Size
358KB
-
Sample
241113-3akp8svjhk
-
MD5
6492e47738dd77951bd2f5f9839f6636
-
SHA1
8a647c9a1594d1b5e16ffcb32de1264787c4a80e
-
SHA256
73dac4bb47f3d767633827448b03abf12c5e2561180db45204ee1ca800ebb212
-
SHA512
e563d188d124071cada50bd3ae8b7b30bfef605b5c1e2a97b3bde39534ed1b03be4cac3a2ef830aa97c77a5778af076a56e96c2f568e5e0c3d8948c796d615ff
-
SSDEEP
6144:G7yrhcdXOmSnpz70UFuRwo+JcoEej3KFUzR/FLUY+Yw:64UOf0UFTo+JPj36UzR/9Rw
Behavioral task
behavioral1
Sample
73dac4bb47f3d767633827448b03abf12c5e2561180db45204ee1ca800ebb212.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
73dac4bb47f3d767633827448b03abf12c5e2561180db45204ee1ca800ebb212.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
phemedrone
https://api.telegram.org/bot5942488573:AAHwpEclqtQTOQ8pXq-JbNtaNF28JxIiT1E/sendDocument
Targets
-
-
Target
73dac4bb47f3d767633827448b03abf12c5e2561180db45204ee1ca800ebb212
-
Size
358KB
-
MD5
6492e47738dd77951bd2f5f9839f6636
-
SHA1
8a647c9a1594d1b5e16ffcb32de1264787c4a80e
-
SHA256
73dac4bb47f3d767633827448b03abf12c5e2561180db45204ee1ca800ebb212
-
SHA512
e563d188d124071cada50bd3ae8b7b30bfef605b5c1e2a97b3bde39534ed1b03be4cac3a2ef830aa97c77a5778af076a56e96c2f568e5e0c3d8948c796d615ff
-
SSDEEP
6144:G7yrhcdXOmSnpz70UFuRwo+JcoEej3KFUzR/FLUY+Yw:64UOf0UFTo+JPj36UzR/9Rw
-
Phemedrone family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-