General
-
Target
http://www.mediafire.com/file/v04wcs9dlfq5ke0/VanishRaider-main.rar/file
-
Sample
250603-nvcssstqs6
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://www.mediafire.com/file/v04wcs9dlfq5ke0/VanishRaider-main.rar/file
Resource
win10v2004-20250502-en
Malware Config
Extracted
phemedrone
https://api.telegram.org/bot7213845603:AAFFyxsyId9av6CCDVB1BCAM5hKLby41Dr8/sendDocument
Targets
-
-
Target
http://www.mediafire.com/file/v04wcs9dlfq5ke0/VanishRaider-main.rar/file
-
Phemedrone family
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Executes dropped EXE
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
MITRE ATT&CK Enterprise v16
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
3Credentials In Files
3