phemedrone | qqnal04[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

qqnal04.exe
Size

122KB
MD5

b63e93f067d727c983c46012f35647d4
SHA1

07591cf86732d0e0b1f822eef2147c24bda77df3
SHA256

eebb47c48137f331e9e7e203763300c343a3643f88c60318667b5d525c40a058
SHA512

1d21215f2576df3197ba26a4e139e89b9fc72a2337ac641495d946aedb0bb416da9513d9feafbd4201e3b6dc89165623016d9e992032cfdbd417c37363f4a9d5
SSDEEP

1536:gE6Md2HIvcb2jJFEhFyYwDXEqECixQ7+5M9eNSarewEKweuH4Xjt/0g:gEhzcajJJYwrhTw5weYaKwEKtu8jN0g

Score

10^/10

phemedrone

Malware Config

Extracted

Family

phemedrone

https://api.telegram.org/bot7105371916:AAHmKYUFBY4gzPciIZ6nC4H-7mczREtwqxk/sendMessage?chat_id=8013500311

Signatures

Phemedrone family
phemedrone

Files

qqnal04.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:94:98:51:9e:06:0a:e3:f8:ba:1a:40
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2020 10:39

Not After

27-02-2021 10:39

Subject

SERIALNUMBER=1154827021909,CN=Promresurs LLC,O=Promresurs LLC,STREET=Yunosheskaya St.\, 50A\, lit. A1 room 4,L=Lipetsk,ST=Lipetsk Oblast,C=RU,1.2.840.113549.1.9.1=#0c10706b6861636840676d61696c2e636f6d,1.3.6.1.4.1.311.60.2.1.2=#130e4c69706574736b204f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19-02-2018 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

95:fc:c5:a0:56:1d:9d:d6:da:73:76:a6:22:29:95:7b:25:e2:30:56:4b:e5:3c:bc:c1:e7:9f:06:37:b6:1c:b3
Signer

Actual PE Digest

95:fc:c5:a0:56:1d:9d:d6:da:73:76:a6:22:29:95:7b:25:e2:30:56:4b:e5:3c:bc:c1:e7:9f:06:37:b6:1c:b3

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\grove\Рабочий стол\mw\csharp\Phemedrone Stealer V2.3.2\Phemedrone-Stealer\obj\Release\system.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

47:94:98:51:9e:06:0a:e3:f8:ba:1a:40Certificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

95:fc:c5:a0:56:1d:9d:d6:da:73:76:a6:22:29:95:7b:25:e2:30:56:4b:e5:3c:bc:c1:e7:9f:06:37:b6:1c:b3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 114KB - Virtual size: 113KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

47:94:98:51:9e:06:0a:e3:f8:ba:1a:40
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

95:fc:c5:a0:56:1d:9d:d6:da:73:76:a6:22:29:95:7b:25:e2:30:56:4b:e5:3c:bc:c1:e7:9f:06:37:b6:1c:b3
Signer

.text
Size: 114KB - Virtual size: 113KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B