General

  • Target

    c859cc3c802763f048ca2be4419e2696b183818ff5dbd80aa455c91208a278c4

  • Size

    2.5MB

  • Sample

    241204-sfl55strgm

  • MD5

    b92517f43a1d4008515c9f91d055d26f

  • SHA1

    fc6e24810f86356e74df241d92b9f03aeaebcf93

  • SHA256

    c859cc3c802763f048ca2be4419e2696b183818ff5dbd80aa455c91208a278c4

  • SHA512

    29236146075de6215bb425c6e1e162930eaf99d215a0eecd7ae304ca7ea8314b0eb44a940edd382bcf306e5c3fda699ec720dd905390e118d86840f90323cadb

  • SSDEEP

    49152:mv0ZGMGEClXTCWYECZVu5Cx7L0V3dyyR4XKo+CsXghlKiA2k0kET1xxsn4:mvCXTAnJdiX23FOaY4ivk0kE1xxT

Malware Config

Extracted

Family

phemedrone

C2

https://www.plufferr.com/api/send.php

Targets

    • Target

      Imperium.exe

    • Size

      895KB

    • MD5

      2e627886f546dec55fd0243de22f966e

    • SHA1

      32bcbfd80baef07a2e05b8ed673a469741b74828

    • SHA256

      fe21d4c63aa2ec21a4311955decfcf4d8dd7ec73bc9fa07655e14de6762489e7

    • SHA512

      9642e596de2c2f2995180d5c4ec87619b10aaad1ca846eff55ed9c32c513b6994f47d87b3dc52e7a9f5990c4bac019d57dc8bcb3ea6381a43a176169067fdb3d

    • SSDEEP

      12288:Wh1Lk70TnvjcQexF/3hr9mvqXO/bW8/1Ci9uJ41I8opwxcHXi2jlXWnbkQ:6k70Trc7F/3aWO98PZUqXieXWnb

    • Phemedrone

      An information and wallet stealer written in C#.

    • Phemedrone family

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Suspicious use of SetThreadContext

    • Target

      advpack.dll

    • Size

      176KB

    • MD5

      327c4cbba43881847674c831e4b1a672

    • SHA1

      1277cf5c846a25b9b9e19f9a7ca92377b91a92c9

    • SHA256

      d91af176c416e14d9533614287fe1175fcd193ee8125280ee777c92ef7e683b9

    • SHA512

      5cf4d9ca80f43bd845ca428a63fc1267a5a688b7378758b950be5b3d06d81e3011bfe2ff32d50fc30b2bd58632490190b9a5e98d59a121644550adee1b27d38f

    • SSDEEP

      3072:glgx98bHDj0qjbcB6hRu+0GU0AuJ9UqhE7LMxQcWVrFO8h:MgxwMDURu+0LvuJ9UsEkxQcW28

    • Score

      1/10

    • Target

      aeevts.dll

    • Size

      40KB

    • MD5

      b1fb90460e64ff5fb355015e0aaa8f55

    • SHA1

      b29edfe643774951f26555c39ab0d89e6cbea62a

    • SHA256

      3e9eeef724a1cfc8efd28d844c2ef93fbc9c589fb967972826ec1e85f7b30e1a

    • SHA512

      f89fbdd78203709a3aac5490295f987869754fc9c4e260be8b5c05c7d31888d984655d453aa9b9e5070cf3f6a2214e2a669d5acddb8263c4b5255d096128491c

    • SSDEEP

      384:TWtTWJjQAI2mNChgCweNvpBJG9EgRVLFMmBeJ71aLa0aua0MR9nil8pf:+EBuFMPp

    • Score

      1/10

    • Target

      aeinv.dll

    • Size

      1.1MB

    • MD5

      83801773bdc161a1a6cf03615acffb76

    • SHA1

      3cd3c85b815df66e1672dbbcc7008b90a9501bda

    • SHA256

      bc298d57abe6d3537a02373da2de4cfb489ccaa789bfb38d06f45dfe0d3a8ffe

    • SHA512

      489159edf0a6a701ef2d183ab9a635e1be9c8e648eb747e6dce5d3f3c85ce7a5d582360197835852f160d6d3fd632cf43951eb8d2fd3ab9306fefe946ebd4818

    • SSDEEP

      24576:/eOYWsOYk8nuolHY5tgbechOUuggnnMxV54:SWs7kAHCcgnnMx4

    • Score

      1/10

    • Target

      aeinvext.dll

    • Size

      137KB

    • MD5

      b077dca3a3302c6698704db7dc479f83

    • SHA1

      fb32cd263cca1bc4c161845170e2bc457b1218fa

    • SHA256

      5798ca103742e38b0f3fd76d7d4ea67969448b42d1773fcb5a0044b973c3bb8e

    • SHA512

      f11b86857b8f3b0d60c34348184d795c8c15bf8c0c9e88aa22dda842b9bfea678bd589b5aad71f4cbcd5993f9fdc2787b17ed58ceba9519a93147e69b373d46c

    • SSDEEP

      3072:D3iMxAOK2PfVvIuHFIZBsXI8+4KyhmX6Fym:GMxTtvIuHqfs+yhmKj

    • Score

      1/10

    • Target

      aemarebackup.dll

    • Size

      865KB

    • MD5

      3406bc45650f31a6290a065f88eb63e6

    • SHA1

      e41c610ff423f2e5099f106c656b546b3e0e9983

    • SHA256

      7a2ad332f71754ded3a208ccc8c895a8a6f2d3fddaf44dd1d06a65f723c397e2

    • SHA512

      00916db3fa133e81518069ba806848ae1811f347c0c6ff015ab5a14c6630f40d7609b5f666cd78466801a621829c3a97ebe9b564f3aedb77f16e5fc8b368dd57

    • SSDEEP

      24576:w3pg8cKANDLlG8YR93n6YlVnfKIBTSBrE:Qpg8cKYLl8R9X6YlVn1tYI

    • Score

      1/10

    • Target

      aepic.dll

    • Size

      614KB

    • MD5

      a039814fa8bb5e0258fc75da497f3ca5

    • SHA1

      baaaa523c51e7053937c46f1b706f1ef928dea43

    • SHA256

      5ae3b209390d6e5a6a25e3cd9fc15f5a58c8167d6edc6488cc65b854ef234681

    • SHA512

      0aae23dbc7a3cc95993bf146fe651e5f0bcd55d223aaa80bcbdbbefcce812483d204e003fc9d9d2690502291f2b413ff195e5821fa533b74331cf63ccac9eb58

    • SSDEEP

      12288:YqKwm5+thXf9VWazkipXdCQwJmCSlfWY/p3Tt4WGU:w35+tZV0okipXdCQwTS0Y/p3Tt4WGU

    • Score

      1/10

    • Target

      agentactivationruntime.dll

    • Size

      1012KB

    • MD5

      44dfa56134ed49e584a12780e5c2e9c9

    • SHA1

      f605d11115e0c4f98558fdcd13b61bfba452af43

    • SHA256

      367f1fd7dcf1af6c3e1f1d8a37f471350fe8eb0a5b1680e990c2a5497b2b5cbe

    • SHA512

      766a4f471fa2c981199b9bd84f6a561f04f8a199377ad9c71a558d5281a636e3b8672bcd0d51f22ff6c7d47fcaa4cd836e103c2fb66cd2926b559109a5743648

    • SSDEEP

      12288:PbCYEaLDjT5G0AleAyCzRcdjv8nzsLJWd1XTfVATQjO/d:DVLDjQXlW8C7FJWd1XTdAZ

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks