Phemedrone

Malware updated a month ago (2024-10-17T12:02:25.421Z)
Phemedrone (also tracked as Phemedrone Stealer) is an information-stealing malware family. It reaches victims through channels such as malicious downloads, e-mail attachments and compromised or lookalike websites, and once running on a host it harvests personal information and credentials for exfiltration; it has also been associated with exploitation of the Windows SmartScreen bypass CVE-2023-36025 (see the vulnerability associations below). Analysts have compared it with Styx Stealer, which shares its country checks, anti-analysis functions and anti-VM checks, but the two differ in maturity, with Phemedrone the more capable of the pair. A comparison of several versions of Phemedrone Stealer and Styx Stealer showed that Styx Stealer's code is based on a Phemedrone release from before September 2023: features present in Phemedrone Stealer version 2.1.1 (dated September 1, 2023) are absent from the analysed Styx Stealer sample. Two such features are the encryption of data exfiltrated over Telegram with a key unique to each build of the malware, and a tagging feature added in the newer Phemedrone version. In short, Styx Stealer's core functionality was copied wholesale from Phemedrone, but from an older fork rather than the current code base, so it lacks the per-build exfiltration encryption and the tagging feature found in newer Phemedrone versions.
Description last updated: 2024-10-17T11:45:24.440Z
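The per-build Telegram encryption described above has a practical consequence for defenders: a content signature written against one build's exfiltrated payload will not match the next build, so detection is better anchored on the exfiltration channel than on the payload. The following Python example, added here and not taken from the profile or from any vendor report, scans constructed proxy/EDR log lines for Telegram Bot API calls made by processes that have no business talking to Telegram. The URL shape https://api.telegram.org/bot<token>/<method> is general Telegram Bot API knowledge rather than something the page states, the token regex and the process allowlist are assumptions to tune per environment, and all log lines and tokens are fabricated for the example.

```python
"""Flag Telegram Bot API traffic from unexpected processes in proxy/EDR logs."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Telegram bot calls take the form https://api.telegram.org/bot<token>/<method>.
# Assumed token shape: numeric bot id, a colon, then the secret; kept deliberately loose.
BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{20,})/(?P<method>\w+)$")

# Bot API methods a stealer would use to push collected data to its operator.
UPLOAD_METHODS = {"sendDocument", "sendMessage", "sendPhoto"}

# Assumed allowlist: processes sanctioned to use the Bot API (e.g. an internal alert bot).
EXPECTED_PROCESSES = {"alertbot.exe"}

# Constructed sample log (not real telemetry): timestamp, image name, HTTP method, URL.
SAMPLE_LOG = "\n".join([
    "2024-09-01T10:00:01Z\tchrome.exe\tGET\thttps://web.telegram.org/k/",
    "2024-09-01T10:02:14Z\tUpdater.exe\tPOST\thttps://api.telegram.org/bot123456789:AAHfakeTOKENfakeTOKENfakeTOKEN12345/sendDocument",
    "2024-09-01T10:02:15Z\tUpdater.exe\tPOST\thttps://api.telegram.org/bot123456789:AAHfakeTOKENfakeTOKENfakeTOKEN12345/sendMessage",
    "2024-09-01T10:05:00Z\talertbot.exe\tGET\thttps://api.telegram.org/bot987654321:AAGotherfakeTOKENotherfakeTOKEN00000/getUpdates",
    "2024-09-01T10:06:00Z\tpython.exe\tGET\thttps://api.telegram.org/bot555:AAFshortfaketokenXXXXXXXXXXXXXXXXXXXX/getMe",
])


def parse_line(line):
    """Split one tab-separated log line into a dict; returns None for malformed lines."""
    parts = line.split("\t")
    if len(parts) != 4:
        return None
    ts, process, http_method, url = parts
    return {"ts": ts, "process": process, "http_method": http_method, "url": url}


def classify(event):
    """Return an alert dict for Bot API use, or None when the event is not a Bot API call."""
    parts = urlsplit(event["url"])
    if parts.hostname != "api.telegram.org":
        return None
    match = BOT_PATH.match(parts.path)
    if not match:
        return None
    bot_id, secret, api_method = match.group("bot_id", "secret", "method")
    if event["process"].lower() in EXPECTED_PROCESSES:
        severity = "low"      # sanctioned bot; keep for audit only
    elif api_method in UPLOAD_METHODS:
        severity = "high"     # data leaving the host towards the operator's bot
    else:
        severity = "medium"   # unexpected process probing the Bot API
    return {
        "ts": event["ts"],
        "process": event["process"],
        "bot_id": bot_id,
        # Keep only a short prefix of the secret for correlation; never copy full tokens into alerts.
        "token_prefix": secret[:4],
        "api_method": api_method,
        "severity": severity,
    }


def scan(log_text):
    """Run classify over every line of the log; returns alerts in log order."""
    alerts = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        alert = classify(event)
        if alert is not None:
            alerts.append(alert)
    return alerts


def bots_by_process(alerts):
    """Pivot alerts into {bot_id: [processes]}; the bot id survives across builds even when the payload key does not."""
    pivot = defaultdict(set)
    for alert in alerts:
        pivot[alert["bot_id"]].add(alert["process"])
    return {bot: sorted(procs) for bot, procs in pivot.items()}


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f'{alert["severity"]:6} {alert["ts"]} {alert["process"]} bot={alert["bot_id"]} {alert["api_method"]}')
```

Because the bot id in the URL identifies the operator's bot rather than a particular build, it is a more durable pivot than anything in the encrypted body; blocking or alerting on api.telegram.org from non-allowlisted processes catches the channel regardless of how the current build encrypts its payload.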
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track across vendors, so the following are possible overlapping names or profiles worth checking.
Alias (votes): description
Phemedrone Stealer (5 votes): a possible alias for Phemedrone. Phemedrone Stealer is a malicious software (malware) that infiltrates systems to exploit and damage them, often stealing personal information or disrupting operations. This malware can infect systems through suspicious downloads, emails, or websites, often without the user's knowledge. It was observ
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Telegram
Vulnerability
Exploit
Windows
Payload
Exploits
Ransomware
Discord
Encryption
Associated Vulnerabilities
Vulnerability (association type; votes): description
CVE-2023-36025 (Unspecified; 5 votes): associated with Phemedrone. CVE-2023-36025 is a significant vulnerability identified in the Windows SmartScreen security feature. It was one of three zero-day vulnerabilities discovered, with the others being CVE-2023-36033, a privilege escalation vulnerability in the Windows DWM Core Library, and CVE-2023-36036, another privi
Windows Defender SmartScreen Bypass Vulnerability (Unspecified; 2 votes): associated with Phemedrone. The Windows Defender SmartScreen Bypass (CVE-2023-36025) is a significant vulnerability in the design and implementation of Microsoft's software. This flaw allows malicious actors to evade defensive mechanisms, enabling them to infiltrate systems undetected. The vulnerability has been exploited exte
Source Document References
Information about the Phemedrone malware was read from the documents listed below (display limited to 20 results).
Source (created)
Checkpoint (3 months ago)
Securityaffairs (3 months ago)
Securityaffairs (4 months ago)
Securityaffairs (4 months ago)
Securityaffairs (4 months ago)
Securityaffairs (4 months ago)
Securityaffairs (4 months ago)
Securityaffairs (5 months ago)
Securityaffairs (5 months ago)
Securityaffairs (5 months ago)
Securityaffairs (6 months ago)
Securityaffairs (7 months ago)
Securityaffairs (7 months ago)
Securityaffairs (7 months ago)
Securityaffairs (7 months ago)
Securityaffairs (8 months ago)
Securityaffairs (8 months ago)
Securityaffairs (8 months ago)
Securityaffairs (8 months ago)
CERT-EU (10 months ago)