General

  • Target

    Rajahax.exe

  • Size

    138KB

  • Sample

    241206-m3k9gatpfs

  • MD5

    3a2efdd34244d2e32564be1ecd2ae2fb

  • SHA1

    a59fe64e0fcd7dd73bf1d6a748e3cf8416eef93f

  • SHA256

    248c2fb9b77901a03336a08aed6c8ad459b7853168160f233946b21bf786090f

  • SHA512

    3e19c0a0640a5a3ea51743fbba093dae7bd47c83d2a8f406d9872c8bc9cba8a4df28887156fd567e8f2f0436cfb6b80705da98ecde6f992c82441117959af31f

  • SSDEEP

    1536:kAxJAVmt6R/ZyWyElr+fuTdOp6dcDw0u0fZwn5y43RMlhfLLjl0ctdZPCs3Kj3h3:kAxJAQt0yWThdOp6bn5yWsdvt/PiSK

Malware Config

Extracted

  • Family

    phemedrone

  • C2

    https://api.telegram.org/bot7256179101:AAH9javBF9KWz5fXIR2_YM3Ma3CqowIubKw/sendDocument

Targets

    • Phemedrone

      An information and wallet stealer written in C#.

    • Phemedrone family

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Unsecured Credentials: Credentials In Files

      Reads credentials from unsecured files.

MITRE ATT&CK Enterprise v15

Tasks