General

  • Target

    ebea026943b6e923a147fff8cc82f1b03b0ead796272c5d4de268563be321b87N.exe

  • Size

    138KB

  • Sample

    241210-gzwcdawmav

  • MD5

    03761d8dac7329f4615f845c2af68020

  • SHA1

    0f7609cec5364fedca06126ca22c2d08d8a7a781

  • SHA256

    ebea026943b6e923a147fff8cc82f1b03b0ead796272c5d4de268563be321b87

  • SHA512

    e491988e9f6e327a3d2cfaee8b7af5246f0bacebd1f07834c796cb2bf0514fb12af6d9415016f12ddd1f36c2ced74d9ab0b31d76f5680951dfccc7a059a380ec

  • SSDEEP

    3072:pGyxO6HAjmjaa8OP7BJhi5fkuJ3hevv9CMqK:FOeAija07FhRvvr

Malware Config (extracted)

  • Family

    phemedrone

  • C2

    https://api.telegram.org/bot8096061409:AAHjfIm6J1pNB64BDGreFzTd6Z4HVJYTZUo/sendDocument

Targets

    • Target

      ebea026943b6e923a147fff8cc82f1b03b0ead796272c5d4de268563be321b87N.exe

    • Phemedrone

      An information and wallet stealer written in C#.

    • Phemedrone family

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

MITRE ATT&CK Enterprise v15
