phemedrone | 7d955bb75c0eb8d8c50d911cfb6320df0c7af260d16522c71b5a8e8f52d121c4 | Triage

Sharing

General

Target

2025-02-02_37c5e2de42bc44f855e4316f85b5ed8d_cobalt-strike_ryuk
Size

1.1MB
Sample

250202-vqqbnatkbq
MD5

37c5e2de42bc44f855e4316f85b5ed8d
SHA1

a8743e31caac1fbb101646d43f9ce7d5479567ad
SHA256

7d955bb75c0eb8d8c50d911cfb6320df0c7af260d16522c71b5a8e8f52d121c4
SHA512

5a3a37ef1c204c8a55d324f6fe96a949f685aa28d11b64c949710369a9ed31d380422a6922eca8c71002922f6e1417996b33fa39d66cd6c9484f66408697a81f
SSDEEP

24576:Eec44mam9NMNfs5KpQnBOeC+aMQNo/80:Z4hmq05KpQnB++CWr

Score

10^/10

phemedrone credential_access discovery stealer

Malware Config

Extracted

Family

phemedrone

C2

195.20.18.146:8080

Targets

- Target
  
  2025-02-02_37c5e2de42bc44f855e4316f85b5ed8d_cobalt-strike_ryuk
- Size
  
  1.1MB
- MD5
  
  37c5e2de42bc44f855e4316f85b5ed8d
- SHA1
  
  a8743e31caac1fbb101646d43f9ce7d5479567ad
- SHA256
  
  7d955bb75c0eb8d8c50d911cfb6320df0c7af260d16522c71b5a8e8f52d121c4
- SHA512
  
  5a3a37ef1c204c8a55d324f6fe96a949f685aa28d11b64c949710369a9ed31d380422a6922eca8c71002922f6e1417996b33fa39d66cd6c9484f66408697a81f
- SSDEEP
  
  24576:Eec44mam9NMNfs5KpQnBOeC+aMQNo/80:Z4hmq05KpQnB++CWr
Score

10^/10

phemedrone credential_access discovery stealer
- Phemedrone
  An information and wallet stealer written in C#.
  stealer phemedrone
- Phemedrone family
  phemedrone
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phemedronecredential_accessdiscoverystealer

behavioral2

phemedronediscoverystealer