Resubmissions
21-11-2024 21:22
241121-z7zc4ssmgp 10
Analysis
-
max time kernel
36s
-
max time network
37s
-
platform
windows10-2004_x64
-
resource
win10v2004-20241007-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
-
submitted
21-11-2024 21:22
Behavioral task
behavioral1
Sample
system.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
system.exe
Resource
win10v2004-20241007-en
General
-
Target
system.exe
-
Size
122KB
-
MD5
8ccbd97201fb104da148476fb7740d38
-
SHA1
33b60652da7403daeb3e18c8f5db8d9c4e595e43
-
SHA256
f5939fc9c044ea28527a3f66ce394153b43473d28e1209c49dd19d5916e1368d
-
SHA512
b03e1849a858cd02a9f025c1897638ac2c038f4218c179bbb9a8cfd5d0db41d00fa620d861977802f8bf3250f5c9d09986e95da61fa4019912b60747473c1ad8
-
SSDEEP
3072:EG3oAZoUcggU5DZv2eZU72VM5B5rhYb9wEKT3ut:E0oIoUcgpO2VwHREK
Malware Config
Signatures
-
Phemedrone
An information and wallet stealer written in C#.
-
Phemedrone family
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process
3268 system.exe
3268 system.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process
Token: SeDebugPrivilege 3268 system.exe