General

  • Target

    65b252796829ffd5d651dbefa426fc25181c706def40805991e3f136ffbe3da3

  • Size

    137KB

  • Sample

    241210-24bhzstpd1

  • MD5

    e4e356b3b629a68c3381c9943c9d2063

  • SHA1

    5ab614c8286d9e669523ce75513d52ad846a61c7

  • SHA256

    65b252796829ffd5d651dbefa426fc25181c706def40805991e3f136ffbe3da3

  • SHA512

    20a90773fffa1d1af89675dce6148c825593fab605af5bbeb8b01b0e0e7c3da292b9fee1d63900180b094da2e0e0d4e93b148bd4c6028a78a456945f54ad78f1

  • SSDEEP

    1536:xLxJ85iBe3IFUlZLNeC5bA12BfkOnfjjQuWu0Crz95obLAzW7B+wf+mYGiAW5Kk5:x1J85iBe8a+CJA12h5fI2/95UL3OOAf

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot5942488573:AAF1vG_VjN_6u_kG-5DCN2A38cJEKwUh3Oo/sendDocument

Targets

    • Phemedrone

      An information and wallet stealer written in C#.

    • Phemedrone family

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

MITRE ATT&CK Enterprise v15

Tasks