pandastealer | cf333d7bb01d28a0a43127cd5c86c8fdfa390c03565bc30fca6ea49b1ef0b7b6

Analysis

Target

5a3eb1ba34e04f53b7bc135578a1610b.exe
Size

761KB
MD5

5a3eb1ba34e04f53b7bc135578a1610b
SHA1

2aa7c4bfab4850876020d0a5bcc2e93e037cd447
SHA256

cf333d7bb01d28a0a43127cd5c86c8fdfa390c03565bc30fca6ea49b1ef0b7b6
SHA512

6dbb576f5073381f32ec29806ff337f5cf598d442a21f4c437b4ae695b401587ec4c9da04e8421add0599c8a192461963ca4733e0e3a781cacc0e2b9e95fcf66

Score

10^/10

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
424	5a3eb1ba34e04f53b7bc135578a1610b.exe
424	5a3eb1ba34e04f53b7bc135578a1610b.exe

C:\Users\Admin\AppData\Local\Temp\5a3eb1ba34e04f53b7bc135578a1610b.exe
"C:\Users\Admin\AppData\Local\Temp\5a3eb1ba34e04f53b7bc135578a1610b.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:424

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact