Phemedrone

Malware updated 23 days ago (2024-11-29T14:29:53.998Z)
Download STIX
Preview STIX
Phemedrone is a type of malware, or malicious software, that can infiltrate systems through various channels such as suspicious downloads, emails, or websites. Once inside a system, it can wreak havoc by stealing personal information, disrupting operations, or even holding data hostage for ransom. It has been compared to another malware, Styx Stealer, in several aspects including country checks, anti-analysis functions, and anti-VM checks. However, there are notable differences between the two, with Phemedrone being more advanced in its capabilities. An analysis of different versions of Phemedrone Stealer and Styx Stealer revealed that Styx Stealer's code was based on an earlier version of Phemedrone released before September 2023. This conclusion came from observing certain features present in Phemedrone Stealer version 2.1.1 (dated September 1, 2023) that were absent in the analyzed sample of Styx Stealer. For instance, unlike Styx Stealer, newer versions of Phemedrone have the ability to encrypt data sent through Telegram using a unique key for each build of the malware. Additionally, a tagging feature was found in the new version of Phemedrone Stealer, which was not seen in Styx Stealer. In conclusion, while both Phemedrone and Styx Stealer pose significant threats as malware, Phemedrone exhibits more advanced capabilities and features. The core functionality of Styx Stealer was entirely copied from Phemedrone Stealer, but it does not have access to the latest versions and instead uses an older fork of Phemedrone as a source. Therefore, it lacks the enhanced functionalities found in newer versions of Phemedrone, such as the ability to encrypt data and the presence of a tagging feature.
Description last updated: 2024-10-17T11:45:24.440Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Phemedrone Stealer is a possible alias for Phemedrone. Phemedrone Stealer is a malicious software (malware) that infiltrates systems to exploit and damage them, often stealing personal information or disrupting operations. This malware can infect systems through suspicious downloads, emails, or websites, often without the user's knowledge. It was observ
5
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Telegram
Vulnerability
Exploit
Windows
Payload
Exploits
Ransomware
Discord
Encryption
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The CVE-2023-36025 Vulnerability is associated with Phemedrone. CVE-2023-36025 is a significant vulnerability identified in the Windows SmartScreen security feature. It was one of three zero-day vulnerabilities discovered, with the others being CVE-2023-36033, a privilege escalation vulnerability in the Windows DWM Core Library, and CVE-2023-36036, another priviUnspecified
5
The Windows Defender Smartscreen Bypass Vulnerability is associated with Phemedrone. The Windows Defender SmartScreen Bypass (CVE-2023-36025) is a significant vulnerability in the design and implementation of Microsoft's software. This flaw allows malicious actors to evade defensive mechanisms, enabling them to infiltrate systems undetected. The vulnerability has been exploited exteUnspecified
2
Source Document References
Information about the Phemedrone Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Checkpoint
4 months ago
Securityaffairs
4 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
7 months ago
Securityaffairs
8 months ago
Securityaffairs
8 months ago
Securityaffairs
8 months ago
Securityaffairs
8 months ago
Securityaffairs
9 months ago
Securityaffairs
9 months ago
Securityaffairs
9 months ago
Securityaffairs
9 months ago
CERT-EU
a year ago