pandastealer | 23acdd1f64bbf85d8d6f8f29bad826464d6ecf0160e8975e55bfcf3cce891f01

Analysis

Target

c3a53874df34b80a7858624deaf0d520.exe
Size

681KB
MD5

c3a53874df34b80a7858624deaf0d520
SHA1

dbeab3358939f269a46beae238181d81a4613919
SHA256

23acdd1f64bbf85d8d6f8f29bad826464d6ecf0160e8975e55bfcf3cce891f01
SHA512

0d8ef6df023cb0259f26b799473717a8924b51e0d282902b74b92783354ba4fd9d269fddfc63e31151fe64546ccf3d48402f8413b77a9957fa67c21a946768f5

Score

10^/10

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3244	c3a53874df34b80a7858624deaf0d520.exe
3244	c3a53874df34b80a7858624deaf0d520.exe

C:\Users\Admin\AppData\Local\Temp\c3a53874df34b80a7858624deaf0d520.exe
"C:\Users\Admin\AppData\Local\Temp\c3a53874df34b80a7858624deaf0d520.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3244

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact