Overview

overview

10

Static

static

8

571d311fc4...d3.exe

windows7_x64

10

571d311fc4...d3.exe

windows10_x64

10

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    02-07-2021 04:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    571d311fc434e77de22206602a9131d3.exe

  • Size

    5.7MB

  • MD5

    571d311fc434e77de22206602a9131d3

  • SHA1

    9b661c437983b9f903bf1d388e1d789b405af238

  • SHA256

    04a3b0f970d1689d6c1d6859c81ef3f41f1a503baf4275188e848548b2669950

  • SHA512

    bbefbdee9fe118793e7a9c9856c13d9bb8e67eb19d6f4c67f9aa5ffe8f8cf7198fa5e0489fc5fdbb1f8dd6064f875f3cb21a5c41b70b3b8f01ded27440e75764

Score
10/10
pandastealerspywarestealervmprotect

Malware Config

Signatures

  • Panda Stealer Payload 1 IoCs
  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

    stealerpandastealer
  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\571d311fc434e77de22206602a9131d3.exe
    "C:\Users\Admin\AppData\Local\Temp\571d311fc434e77de22206602a9131d3.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1748

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1748-59-0x0000000000120000-0x0000000000121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1748-60-0x00000000012F0000-0x0000000001C91000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1748-62-0x00000000757E1000-0x00000000757E3000-memory.dmp

    Filesize

    8KB

    Download