phemedrone | 38358ae773d721939f0d7e8f6b78edd6e0200f3db3f69f1f5bf8a20ef47a394f | Triage

Sharing

General

Target

38358ae773d721939f0d7e8f6b78edd6e0200f3db3f69f1f5bf8a20ef47a394f
Size

1.1MB
Sample

241113-z1hrsasnam
MD5

12cd6d4eeb407906eedbc0b1f4b0f6b7
SHA1

438fdf39c97484407c506b003aa81184b5bf48ef
SHA256

38358ae773d721939f0d7e8f6b78edd6e0200f3db3f69f1f5bf8a20ef47a394f
SHA512

96c0adc8041410cb5c922ab5c8942635e58547cac29791bc6a2dad9bbd6e06937c2b9785cbb9dd9b8a67e11d7007588aea265ce411928f60f38688f036045d1c
SSDEEP

24576:WDNAd93ox8aPGwu5sFE4VSsw1GtLoAHp9pNX5zCI2zev5puga1Tk4xbBby:Wad93ozywt7J9DX554wMb0

Score

10^/10

phemedrone credential_access discovery spyware stealer

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot7641379829:AAFjgiXcMQofN3SUzqAhu88yXM8p4ktzdm4/sendDocument

Targets

- Target
  
  38358ae773d721939f0d7e8f6b78edd6e0200f3db3f69f1f5bf8a20ef47a394f
- Size
  
  1.1MB
- MD5
  
  12cd6d4eeb407906eedbc0b1f4b0f6b7
- SHA1
  
  438fdf39c97484407c506b003aa81184b5bf48ef
- SHA256
  
  38358ae773d721939f0d7e8f6b78edd6e0200f3db3f69f1f5bf8a20ef47a394f
- SHA512
  
  96c0adc8041410cb5c922ab5c8942635e58547cac29791bc6a2dad9bbd6e06937c2b9785cbb9dd9b8a67e11d7007588aea265ce411928f60f38688f036045d1c
- SSDEEP
  
  24576:WDNAd93ox8aPGwu5sFE4VSsw1GtLoAHp9pNX5zCI2zev5puga1Tk4xbBby:Wad93ozywt7J9DX554wMb0
Score

10^/10

phemedrone credential_access discovery spyware stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Phemedrone family
  phemedrone
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phemedronecredential_accessdiscoveryspywarestealer

behavioral2

phemedronecredential_accessdiscoveryspywarestealer