Phemedrone Stealer

Malware updated 23 days ago (2024-11-29T13:36:59.763Z)
Download STIX
Preview STIX
Phemedrone Stealer is a malicious software (malware) that infiltrates systems to exploit and damage them, often stealing personal information or disrupting operations. This malware can infect systems through suspicious downloads, emails, or websites, often without the user's knowledge. It was observed being used in attacks targeting a Windows Defender SmartScreen vulnerability, CVE-2023-36025, earlier in the year. The core functionality of another malware, Styx Stealer, was found to be entirely copied from Phemedrone Stealer, indicating its significant influence in the cybercrime landscape. Through comparative analysis of various versions of Phemedrone Stealer and Styx Stealer, researchers discovered multiple features present in the former that were absent in the latter. For instance, Phemedrone Stealer version 2.1.1, dated September 1, 2023, contained certain functionalities not found in the analyzed sample of Styx Stealer. These findings suggest that the code of Styx Stealer is based on an early version of Phemedrone Stealer, released before September 2023. The latest versions of Phemedrone Stealer have evolved to include more sophisticated features such as a unique tagging feature and the ability to send data to Telegram, encrypted with a unique key for each campaign. These advancements demonstrate the continuous development and adaptation of this malware, emphasizing the need for robust cybersecurity measures to counteract these threats.
Description last updated: 2024-10-17T12:00:14.209Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Phemedrone is a possible alias for Phemedrone Stealer. Phemedrone is a type of malware, or malicious software, that can infiltrate systems through various channels such as suspicious downloads, emails, or websites. Once inside a system, it can wreak havoc by stealing personal information, disrupting operations, or even holding data hostage for ransom. I
5
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Windows
Vulnerability
Malware
Exploit
Payload
Discord
Telegram
Styx
Ransomware
Encryption
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The CVE-2023-36025 Vulnerability is associated with Phemedrone Stealer. CVE-2023-36025 is a significant vulnerability identified in the Windows SmartScreen security feature. It was one of three zero-day vulnerabilities discovered, with the others being CVE-2023-36033, a privilege escalation vulnerability in the Windows DWM Core Library, and CVE-2023-36036, another priviUnspecified
6
The Windows Defender Smartscreen Bypass Vulnerability is associated with Phemedrone Stealer. The Windows Defender SmartScreen Bypass (CVE-2023-36025) is a significant vulnerability in the design and implementation of Microsoft's software. This flaw allows malicious actors to evade defensive mechanisms, enabling them to infiltrate systems undetected. The vulnerability has been exploited exteUnspecified
2
Source Document References
Information about the Phemedrone Stealer Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
DARKReading
4 months ago
Checkpoint
4 months ago
CERT-EU
a year ago
InfoSecurity-magazine
6 months ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
InfoSecurity-magazine
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Trend Micro
a year ago
CERT-EU
9 months ago