General

  • Target: MetaSkins.rar
  • Size: 5.0MB
  • Sample: 250604-haya4sskt8
  • MD5: ec54728256b63271e7e6ebc7dabf4700
  • SHA1: 7ea617155534598425e33c23bb561f7aabcf8375
  • SHA256: 4b75b0dbc96640f39e2e5b81250c8aa72c8d0131f2b88dbc4e6f996221b08b94
  • SHA512: 792c996a614869273f15e88246b4e7aeef0f4feb5b4a6d9e870529857597828515c67597be6a91ba5158f05cccf6586ad0ab76b4a4dd0fd4cbdffcfb9b293e47
  • SSDEEP: 98304:mUW6cprEGOGRMPbOSoMAcP+iWh4piNPN0oD+HbNxTZFF/VF5aJF6GtDkN:mUncZElGnMAc274ExD+7LZFFfIJF6GiN

Malware Config

Extracted

  • Family: phemedrone
  • C2: https://api.telegram.org/bot7626348915:AAHjYT2xQ16qNV3nIGglFOcPC8p47ZBEoEI/sendDocument

Targets

    • Target: Metaskins.exe
    • Size: 3.0MB
    • MD5: 06371375d7a6aaabfa85390109bbb3b4
    • SHA1: 56bb80ec0294b0c6bdea97bbccaf5f654cb180e9
    • SHA256: 4f7f6e2094b1390a4b8297e3d58651a1696f91f28c3ee2055de51f9c2cb1443b
    • SHA512: c2eeb2e7bba7e89a48641b62e38955233a3fc696ec3b6453525d62f72d432992dd4fb463ae7a621b2ff1d9f13973167aad73eb2a0211b139b8bb578c82c6bd29
    • SSDEEP: 24576:b/XHh1x/I0Ef+hjl1Dhgfgot/Gtd+yAFX+D/z5jFIC5kzfnQ0Q+Htl:Dt/xEf+hjl1DKLAyc/lFleLQ0Q+N
    • Signatures:
        • Phemedrone: an information and wallet stealer written in C#.
        • Phemedrone family
        • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: modules/x64/d3d/d3dcompiler_47.dll
    • Size: 4.7MB
    • MD5: a7349236212b0e5cec2978f2cfa49a1a
    • SHA1: 5abb08949162fd1985b89ffad40aaf5fc769017e
    • SHA256: a05d04a270f68c8c6d6ea2d23bebf8cd1d5453b26b5442fa54965f90f1c62082
    • SHA512: c7ff4f9146fefedc199360aa04236294349c881b3865ebc58c5646ad6b3f83fca309de1173f5ebf823a14ba65e5ada77b46f20286d1ea62c37e17adbc9a82d02
    • SSDEEP: 49152:FCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvpiD0N+YEzI4og/RfzHLeHTRhFRNS:EG2QCwmHXnog/pzHAo/A2L
    • Score: 1/10

MITRE ATT&CK Enterprise v16

Tasks