Phemedrone Stealer

Malware updated 22 days ago (2024-08-16T18:17:39.715Z)
Phemedrone Stealer is an information-stealing malware that infiltrates Windows systems to harvest sensitive data. The Styx Stealer analysis this description draws on (the Check Point Research report listed under the sources below; the figure numbers cited here are that report's) found that the two families share their core functionality: the country checks, the anti-analysis routine and the anti-VM checks are the same in both (Figures 32, 30 and 31 respectively), and a comparison of the report headers the two stealers generate (Figure 8) showed that Styx Stealer's core functionality was copied wholesale from Phemedrone Stealer.

The two are not identical, however. The tagging feature present in newer Phemedrone Stealer builds is absent from Styx Stealer (Figure 33), and a Phemedrone Stealer build dated September 1, 2023 already contained features that the analyzed Styx Stealer sample lacks. Styx Stealer was therefore concluded to be based on a Phemedrone Stealer version released before September 2023. The latest Phemedrone Stealer versions have gained further capabilities, among them exfiltration of stolen data to Telegram, with the data encrypted under a key that is unique to each campaign.

A document structured like Phemedrone Stealer's output, but carrying a different header with the identifier "Styx Stealer", was also found. This further ties the two families together and suggests that they belong to related or coordinated malicious activity. Continued comparison of the two families should yield more detail on their functionality and on possible countermeasures.
Description last updated: 2024-08-16T18:16:38.038Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID (votes): Profile description
Phemedrone (5 votes): Phemedrone is malicious software (malware) designed to exploit and damage computer systems. This malware operates by infiltrating systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once it gains access, Phemedrone can steal personal informa
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Windows
Vulnerability
Malware
Exploit
Payload
Discord
Telegram
Styx
Ransomware
Encryption
Associated Vulnerabilities
ID (type, votes): Profile description
CVE-2023-36025 (Unspecified, 6 votes): CVE-2023-36025 is a significant vulnerability in the Windows SmartScreen security feature. It was one of three zero-day vulnerabilities discovered at the time, the others being CVE-2023-36033, a privilege escalation vulnerability in the Windows DWM Core Library, and CVE-2023-36036, another privi
Windows Defender SmartScreen Bypass (Unspecified, 2 votes): The Windows Defender SmartScreen Bypass (CVE-2023-36025) is a significant vulnerability in the design and implementation of Microsoft's software. This flaw allows malicious actors to evade defensive mechanisms, enabling them to infiltrate systems undetected. The vulnerability has been exploited exte
Source Document References
Information about the Phemedrone Stealer malware was read from the documents corpus below (display limited to 20 results).
Source (created): Title
DARKReading (17 days ago): 'Styx Stealer' Blows Its Own Cover With Sloppy OpSec Mistake
Checkpoint (22 days ago): Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove - Check Point Research
CERT-EU (8 months ago): Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025)
InfoSecurity-magazine (2 months ago): Modular Malware Boolka's BMANAGER Trojan Exposed
CERT-EU (8 months ago): Hackers Exploiting Windows Defender SmartScreen Flaw | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
Securityaffairs (8 months ago): Phemedrone campaign exploits Windows SmartScreen bypass
CERT-EU (8 months ago): Crypto Malware Designed for Windows Hacking on the Loose | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU (8 months ago): How to exploit Windows Defender Antivirus to infect a device with malware
CERT-EU (8 months ago): Windows Defender SmartScreen Vulnerability Exploited with Phemedrone Stealer
InfoSecurity-magazine (8 months ago): Phemedrone Stealer Targets Windows Defender Flaw Despite Patch
CERT-EU (8 months ago): Windows Defender SmartScreen Vulnerability Exploited with Phemedrone Stealer | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (8 months ago): Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025) - Help Net Security
CERT-EU (8 months ago): Data-theft malware exploits Windows Defender SmartScreen
Trend Micro (8 months ago): CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
CERT-EU (6 months ago): Malware Alert - Increasing Trend of DarkGate Malware Attacks Exploiting Microsoft Windows SmartScreen's Critical Vulnerability