Analysis
-
max time kernel
95s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
12-12-2024 02:19
Behavioral task
behavioral1
Sample
498ac6b747691eb456fc24ac26c3932effca9b46e39740963120f711e72aefc9.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
498ac6b747691eb456fc24ac26c3932effca9b46e39740963120f711e72aefc9.exe
Resource
win10v2004-20241007-en
General
-
Target
498ac6b747691eb456fc24ac26c3932effca9b46e39740963120f711e72aefc9.exe
-
Size
116KB
-
MD5
78c586522f986994aa77c466c9d678a8
-
SHA1
4b9b13c3782ae532a140a33ba673dc65a37aa882
-
SHA256
498ac6b747691eb456fc24ac26c3932effca9b46e39740963120f711e72aefc9
-
SHA512
707ff5fcbb5e473583bec2d54aac25a3febe262c06025c9d88ddd5d30449b1454289eaa63bec848ca69147232474731052bef710e60c042d0c80e9c02486b5bb
-
SSDEEP
1536:7DG01nFGLBQ+ZH3RSR9CJd6FLVTS6OSjl5eEJXopJ7xfYUCFkhTy3QFTiKCq:nFFFiMWJd6F5TnO65r+T1JQoTy3qTiY
Malware Config
Extracted
phemedrone
https://api.telegram.org/bot7105333862:AAE6XaSuAERR5F_VgpAajrgcx8b0mCmMnqM/sendDocument
Signatures
-
Phemedrone
An information and wallet stealer written in C#.
-
Phemedrone family
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 5088 498ac6b747691eb456fc24ac26c3932effca9b46e39740963120f711e72aefc9.exe