pandastealer | fcc72ee3f450741ccc5e3debb5a6aee0944a02c9cd68b6a1aba6fe60be666c0e

Analysis

Target

13d20cbf47b9e05e77f1bb589501a5a6.exe
Size

681KB
MD5

13d20cbf47b9e05e77f1bb589501a5a6
SHA1

e62740245437a5bc74ade13cb032426631faf6fd
SHA256

fcc72ee3f450741ccc5e3debb5a6aee0944a02c9cd68b6a1aba6fe60be666c0e
SHA512

5b63f84f8f08113cf6cc66af5df52b685045323e15c3d28797c1be6fd47df3055c254c1cc52b83e45c88f193542198edc8422ac500dfedc3d239d7ecfc51e9d8

Score

10^/10

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1104	13d20cbf47b9e05e77f1bb589501a5a6.exe

C:\Users\Admin\AppData\Local\Temp\13d20cbf47b9e05e77f1bb589501a5a6.exe
"C:\Users\Admin\AppData\Local\Temp\13d20cbf47b9e05e77f1bb589501a5a6.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1104

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/1104-59-0x0000000075EF1000-0x0000000075EF3000-memory.dmp

Filesize
8KB

Download