General

  • Target

    498ac6b747691eb456fc24ac26c3932effca9b46e39740963120f711e72aefc9.exe

  • Size

    116KB

  • Sample

    241212-cr94caxkaw

  • MD5

    78c586522f986994aa77c466c9d678a8

  • SHA1

    4b9b13c3782ae532a140a33ba673dc65a37aa882

  • SHA256

    498ac6b747691eb456fc24ac26c3932effca9b46e39740963120f711e72aefc9

  • SHA512

    707ff5fcbb5e473583bec2d54aac25a3febe262c06025c9d88ddd5d30449b1454289eaa63bec848ca69147232474731052bef710e60c042d0c80e9c02486b5bb

  • SSDEEP

    1536:7DG01nFGLBQ+ZH3RSR9CJd6FLVTS6OSjl5eEJXopJ7xfYUCFkhTy3QFTiKCq:nFFFiMWJd6F5TnO65r+T1JQoTy3qTiY

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot7105333862:AAE6XaSuAERR5F_VgpAajrgcx8b0mCmMnqM/sendDocument

Targets

    • Target

      498ac6b747691eb456fc24ac26c3932effca9b46e39740963120f711e72aefc9.exe

    • Size

      116KB

    • MD5

      78c586522f986994aa77c466c9d678a8

    • SHA1

      4b9b13c3782ae532a140a33ba673dc65a37aa882

    • SHA256

      498ac6b747691eb456fc24ac26c3932effca9b46e39740963120f711e72aefc9

    • SHA512

      707ff5fcbb5e473583bec2d54aac25a3febe262c06025c9d88ddd5d30449b1454289eaa63bec848ca69147232474731052bef710e60c042d0c80e9c02486b5bb

    • SSDEEP

      1536:7DG01nFGLBQ+ZH3RSR9CJd6FLVTS6OSjl5eEJXopJ7xfYUCFkhTy3QFTiKCq:nFFFiMWJd6F5TnO65r+T1JQoTy3qTiY

    • Phemedrone

      An information and wallet stealer written in C#.

    • Phemedrone family

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

MITRE ATT&CK Enterprise v15

Tasks