Behavioral task
behavioral1
Sample
ebea026943b6e923a147fff8cc82f1b03b0ead796272c5d4de268563be321b87N.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
ebea026943b6e923a147fff8cc82f1b03b0ead796272c5d4de268563be321b87N.exe
Resource
win10v2004-20241007-en
General
-
Target
ebea026943b6e923a147fff8cc82f1b03b0ead796272c5d4de268563be321b87N.exe
-
Size
138KB
-
MD5
03761d8dac7329f4615f845c2af68020
-
SHA1
0f7609cec5364fedca06126ca22c2d08d8a7a781
-
SHA256
ebea026943b6e923a147fff8cc82f1b03b0ead796272c5d4de268563be321b87
-
SHA512
e491988e9f6e327a3d2cfaee8b7af5246f0bacebd1f07834c796cb2bf0514fb12af6d9415016f12ddd1f36c2ced74d9ab0b31d76f5680951dfccc7a059a380ec
-
SSDEEP
3072:pGyxO6HAjmjaa8OP7BJhi5fkuJ3hevv9CMqK:FOeAija07FhRvvr
Malware Config
Extracted
phemedrone
https://api.telegram.org/bot8096061409:AAHjfIm6J1pNB64BDGreFzTd6Z4HVJYTZUo/sendDocument
Signatures
-
Phemedrone family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ebea026943b6e923a147fff8cc82f1b03b0ead796272c5d4de268563be321b87N.exe
Files
-
ebea026943b6e923a147fff8cc82f1b03b0ead796272c5d4de268563be321b87N.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 136KB - Virtual size: 135KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ