General
-
Target
Activation.exe
-
Size
3.2MB
-
Sample
241204-q1aazasler
-
MD5
aa3a94ba72728df41a815b060f5e9c52
-
SHA1
baec525e25786a3787b90b300a383f814e65377d
-
SHA256
573a6686dba8217e51b0c4fd9b041a4bf3ce193d6be69e201a6edcefa3dc42e6
-
SHA512
99772aa3f7837a205f1657730cafc93d8bdcd3cd3826669402f344db5ba28d48c84521dba2a7eab2e7a0c5b3b064fe8c364b9665d03253a94f6177565ef82962
-
SSDEEP
98304:Jj3eS6htWV1940j0wk0IySMGfEsiC0BDm+:0S67WVRjplgMJRVb
Behavioral task
behavioral1
Sample
Activation.exe
Resource
win7-20240903-en
Malware Config
Extracted
phemedrone
https://api.telegram.org/bot7772275304:AAF3OSvWBzn5cIHkGD9ueBFz5ed91u-60-U/sendDocument
Targets
-
-
Target
Activation.exe
-
Size
3.2MB
-
MD5
aa3a94ba72728df41a815b060f5e9c52
-
SHA1
baec525e25786a3787b90b300a383f814e65377d
-
SHA256
573a6686dba8217e51b0c4fd9b041a4bf3ce193d6be69e201a6edcefa3dc42e6
-
SHA512
99772aa3f7837a205f1657730cafc93d8bdcd3cd3826669402f344db5ba28d48c84521dba2a7eab2e7a0c5b3b064fe8c364b9665d03253a94f6177565ef82962
-
SSDEEP
98304:Jj3eS6htWV1940j0wk0IySMGfEsiC0BDm+:0S67WVRjplgMJRVb
-
Phemedrone family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3