Phemedrone

Phemedrone is a type of malware, or malicious software, that can infiltrate systems through various channels such as suspicious downloads, emails, or websites. Once inside a system, it can wreak havoc by stealing personal information, disrupting operations, or even holding data hostage for ransom. It has been compared to another malware, Styx Stealer, in several aspects including country checks, anti-analysis functions, and anti-VM checks. However, there are notable differences between the two, with Phemedrone being more advanced in its capabilities. An analysis of different versions of Phemedrone Stealer and Styx Stealer revealed that Styx Stealer's code was based on an earlier version of Phemedrone released before September 2023. This conclusion came from observing certain features present in Phemedrone Stealer version 2.1.1 (dated September 1, 2023) that were absent in the analyzed sample of Styx Stealer. For instance, unlike Styx Stealer, newer versions of Phemedrone have the ability to encrypt data sent through Telegram using a unique key for each build of the malware. Additionally, a tagging feature was found in the new version of Phemedrone Stealer, which was not seen in Styx Stealer. In conclusion, while both Phemedrone and Styx Stealer pose significant threats as malware, Phemedrone exhibits more advanced capabilities and features. The core functionality of Styx Stealer was entirely copied from Phemedrone Stealer, but it does not have access to the latest versions and instead uses an older fork of Phemedrone as a source. Therefore, it lacks the enhanced functionalities found in newer versions of Phemedrone, such as the ability to encrypt data and the presence of a tagging feature.