phemedrone | 985bab6356b010d5c1b6ac7b2e9bed88252cca665838d915e91c90787110aa41 | Triage

Sharing

General

Target

985bab6356b010d5c1b6ac7b2e9bed88252cca665838d915e91c90787110aa41.exe
Size

121KB
Sample

250116-eq3nzssner
MD5

4b258bdfe7abea8f3755f8c9118ade50
SHA1

d48d7c25649fa7f1d44b5dfaf80940470eb3bccb
SHA256

985bab6356b010d5c1b6ac7b2e9bed88252cca665838d915e91c90787110aa41
SHA512

39ee72edad823949ee0b53fa393ee9865554d3b0e3d1693877dfc2da8e5429c49a185c9e21061f8231d2bcf80a063937421ddfa73106b7a0417117c78a28601d
SSDEEP

3072:h74tACOnii3kcDFKzYbvfIsh+5rhYbpwEKT3uCd:54tACrFcDFKzYbJwHEKT

Score

10^/10

phemedrone credential_access spyware stealer

Malware Config

Targets

- Target
  
  985bab6356b010d5c1b6ac7b2e9bed88252cca665838d915e91c90787110aa41.exe
- Size
  
  121KB
- MD5
  
  4b258bdfe7abea8f3755f8c9118ade50
- SHA1
  
  d48d7c25649fa7f1d44b5dfaf80940470eb3bccb
- SHA256
  
  985bab6356b010d5c1b6ac7b2e9bed88252cca665838d915e91c90787110aa41
- SHA512
  
  39ee72edad823949ee0b53fa393ee9865554d3b0e3d1693877dfc2da8e5429c49a185c9e21061f8231d2bcf80a063937421ddfa73106b7a0417117c78a28601d
- SSDEEP
  
  3072:h74tACOnii3kcDFKzYbvfIsh+5rhYbpwEKT3uCd:54tACrFcDFKzYbJwHEKT
Score

10^/10

phemedrone credential_access spyware stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Phemedrone family
  phemedrone
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phemedronecredential_accessspywarestealer

behavioral2

phemedronestealer