General

  • Target

    0dc6eaa2686ac36db59d5c8534676e64.jpg

  • Size

    122KB

  • Sample

    250226-1mskhatzav

  • MD5

    2d77c1cb0d5e11fac00fd70715e77dc9

  • SHA1

    a6abd916865bc94a26c076e2cb13be2a315eff90

  • SHA256

    f786c2cfd3a82f8629c3e6db6b08c32dc1bfcffe99068149caf108efe7db9811

  • SHA512

    fb069c58994e7306d602148c5a2e03466880cfe7a76a9d84873c7917e9bff7b929113781fecf5d835cf50daa9c593422942529df15b92e8925ec757a8d4b1ce9

  • SSDEEP

    3072:dF9tpluOAypv8Q2D8mvIMKz1rL51HjHVOlKc64D+FANS9vj7G:dbFuO7pFw84hU7TV0KXOsv+

Malware Config

Extracted

  • Family

    phemedrone

  • C2

    https://api.telegram.org/bot7213845603:AAFFyxsyId9av6CCDVB1BCAM5hKLby41Dr8/sendDocument

Targets

    • Phemedrone

      An information and wallet stealer written in C#.

    • Phemedrone family

    • Downloads MZ/PE file

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks