Overview

overview

10

Static

static

CS SkinCHANGER.exe

windows7_x64

10

CS SkinCHANGER.exe

windows10_x64

10

Free Disco...ro.exe

windows7_x64

10

Free Disco...ro.exe

windows10_x64

10

Analysis

  • max time kernel
    51s
  • max time network
    91s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    20/05/2021, 05:40 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CS SkinCHANGER.exe

  • Size

    1016KB

  • MD5

    4baf19886d71c6d9312b3a71dcfea37e

  • SHA1

    ebacfba77117ec07d108f1b80e419be9674a48da

  • SHA256

    1d2005df287958967e785ebc022f183ed7b3878b631d75d61ed8d94bcda0ee58

  • SHA512

    0bb4d418ca83f1f85edcfbea1cf3704d42ebb9e3092c70f0a982238210adc9b51cfa47f19df67f7f2714444f04ac4bbf27887724f1dbcd6d1ba84c872074067c

Score
10/10
pandastealeragilenetspywarestealer

Malware Config

Signatures

  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

    stealerpandastealer
  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CS SkinCHANGER.exe
    "C:\Users\Admin\AppData\Local\Temp\CS SkinCHANGER.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:468
    • C:\Users\Admin\AppData\Local\Temp\CS SkinCHANGER.exe
      "C:\Users\Admin\AppData\Local\Temp\CS SkinCHANGER.exe"
      2⤵
        PID:1648

    Network

    • flag-unknown
      DNS
      collector-node.us
      CS SkinCHANGER.exe
      Remote address:
      8.8.8.8:53
      Request
      collector-node.us
      IN A
    • flag-unknown
      DNS
      collector-node.us
      CS SkinCHANGER.exe
      Remote address:
      8.8.8.8:53
      Request
      collector-node.us
      IN A
    • flag-unknown
      DNS
      collector-node.us
      CS SkinCHANGER.exe
      Remote address:
      8.8.8.8:53
      Request
      collector-node.us
      IN A
    • flag-unknown
      DNS
      collector-node.us
      CS SkinCHANGER.exe
      Remote address:
      8.8.8.8:53
      Request
      collector-node.us
      IN A
    • flag-unknown
      DNS
      collector-node.us
      CS SkinCHANGER.exe
      Remote address:
      8.8.8.8:53
      Request
      collector-node.us
      IN A
    • flag-unknown
      DNS
      collector-steal.ga
      CS SkinCHANGER.exe
      Remote address:
      8.8.8.8:53
      Request
      collector-steal.ga
      IN A
    • flag-unknown
      DNS
      collector-steal.ga
      CS SkinCHANGER.exe
      Remote address:
      8.8.8.8:53
      Request
      collector-steal.ga
      IN A
    • flag-unknown
      DNS
      collector-steal.ga
      CS SkinCHANGER.exe
      Remote address:
      8.8.8.8:53
      Request
      collector-steal.ga
      IN A
    • flag-unknown
      DNS
      collector-steal.ga
      CS SkinCHANGER.exe
      Remote address:
      8.8.8.8:53
      Request
      collector-steal.ga
      IN A
    • flag-unknown
      DNS
      collector-steal.ga
      CS SkinCHANGER.exe
      Remote address:
      8.8.8.8:53
      Request
      collector-steal.ga
      IN A
    No results found
    • 8.8.8.8:53
      collector-node.us
      dns
      CS SkinCHANGER.exe
      315 B
       5

      DNS Request

      collector-node.us

      DNS Request

      collector-node.us

      DNS Request

      collector-node.us

      DNS Request

      collector-node.us

      DNS Request

      collector-node.us

    • 8.8.8.8:53
      collector-steal.ga
      dns
      CS SkinCHANGER.exe
      320 B
       5

      DNS Request

      collector-steal.ga

      DNS Request

      collector-steal.ga

      DNS Request

      collector-steal.ga

      DNS Request

      collector-steal.ga

      DNS Request

      collector-steal.ga

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/468-59-0x0000000001390000-0x0000000001391000-memory.dmp

      Filesize

      4KB

      Download

    • memory/468-61-0x0000000004E90000-0x0000000004E91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/468-62-0x00000000005D0000-0x00000000005DA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1648-63-0x0000000000400000-0x00000000004CD000-memory.dmp

      Filesize

      820KB

      Download

    • memory/1648-65-0x0000000000400000-0x00000000004CD000-memory.dmp

      Filesize

      820KB

      Download

    • memory/1648-66-0x0000000075051000-0x0000000075053000-memory.dmp

      Filesize

      8KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.