Overview

overview

10

Static

static

10

VanishRaid...e).zip

windows7-x64

1

VanishRaid...e).zip

windows10-2004-x64

1

VanishRaid...sh.exe

windows7-x64

10

VanishRaid...sh.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VanishRaider-main (extract.me).zip

  • Size

    72KB

  • Sample

    250317-mrn6zs1ms9

  • MD5

    cec935dcddb4221e5bae730b55dbc906

  • SHA1

    9d9e0c3091905a2ff216b1ee6bbecf315e87c040

  • SHA256

    d00ec945953c4a7aa8a9f29b39acd08bcaf3fb72a721a7977eaa99438db96200

  • SHA512

    dcd315f192399b71bf75acc195419f54d1a82a49f74854a2f7c7c79f96d20c5b15f8e3e71efcee216eb3ade32c62cd27aafd08869c82cd9a78f3c87ccddc7b5a

  • SSDEEP

    768:BPtyale7TFIx3c1W+5vqlQsCcYtBk+iPxODMDytsvSoyPfQuC0dM58nbyX4HEU5Q:/3e7GmqlrCcYP65OoDy5ni0d3byXDt

Score
10/10
phemedronecredential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot7213845603:AAFFyxsyId9av6CCDVB1BCAM5hKLby41Dr8/sendDocument

Targets

    • Target

      VanishRaider-main (extract.me).zip

    • Size

      72KB

    • MD5

      cec935dcddb4221e5bae730b55dbc906

    • SHA1

      9d9e0c3091905a2ff216b1ee6bbecf315e87c040

    • SHA256

      d00ec945953c4a7aa8a9f29b39acd08bcaf3fb72a721a7977eaa99438db96200

    • SHA512

      dcd315f192399b71bf75acc195419f54d1a82a49f74854a2f7c7c79f96d20c5b15f8e3e71efcee216eb3ade32c62cd27aafd08869c82cd9a78f3c87ccddc7b5a

    • SSDEEP

      768:BPtyale7TFIx3c1W+5vqlQsCcYtBk+iPxODMDytsvSoyPfQuC0dM58nbyX4HEU5Q:/3e7GmqlrCcYP65OoDy5ni0d3byXDt

    Score
    1/10
    behavioral1behavioral2

    • Target

      VanishRaider-main/vanish.exe

    • Size

      137KB

    • MD5

      ac59764dee7fcebe61b0a9d70f87c1e1

    • SHA1

      4faba8946b946a6eeb121561417ae13e4ec8c606

    • SHA256

      c6487e1da77c82d40628312680ad43343cff5b92462ffeeffed30f46b23625ab

    • SHA512

      b71f1dbc069ee6612b0d6a136d77080f919958e7a6bcdf65260e04ac5efc484042aca0716dda8199970bf7f2d0f4864a4888e3b0dcfd1ef858c615f839c3ac65

    • SSDEEP

      3072:hOH2azx18xzWYlZ/naX58QBJmD5XXt8yVmiKoQk2s:Q109va9BMMyQ

    Score
    10/10
    phemedronecredential_accessspywarestealerdiscovery

    • Phemedrone

      An information and wallet stealer written in C#.

      stealerphemedrone

    • Phemedrone family

      phemedrone

    • Uses browser remote debugging

      Can be used control the browser and steal sensitive information such as credentials and session cookies.

      credential_accessstealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks