pandastealer | e16619ebcef0a7eb0e911750829529e0624108ff2014df78dc1ae01c94d53823

Analysis

Target

521b724e68f5ce9c832f3dcf7fdd6a37.exe
Size

681KB
MD5

521b724e68f5ce9c832f3dcf7fdd6a37
SHA1

a3236fe8cbadeb75e02de60ff512c5ff8a2c2695
SHA256

e16619ebcef0a7eb0e911750829529e0624108ff2014df78dc1ae01c94d53823
SHA512

0952b5d78e1e811ac223222a245d8ca72f72d505ee49c2d08ebbdb7c95b3760bd0a868eeb4c1c1b0aa2a70808b21c60815bada64000921da6f618ed3a13b584c

Score

10^/10

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1116	521b724e68f5ce9c832f3dcf7fdd6a37.exe

C:\Users\Admin\AppData\Local\Temp\521b724e68f5ce9c832f3dcf7fdd6a37.exe
"C:\Users\Admin\AppData\Local\Temp\521b724e68f5ce9c832f3dcf7fdd6a37.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1116

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/1116-60-0x0000000075EF1000-0x0000000075EF3000-memory.dmp

Filesize
8KB

Download