Overview

overview

10

Static

static

8

ccbb51f967...00.exe

windows7_x64

10

ccbb51f967...00.exe

windows10_x64

10

Analysis

  • max time kernel
    5s
  • max time network
    56s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    06-07-2021 01:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ccbb51f967e7942cd25210cf3f210e00.exe

  • Size

    5.0MB

  • MD5

    ccbb51f967e7942cd25210cf3f210e00

  • SHA1

    c6b38fd26b17ebf94d5800b5a6d52cec6d1af329

  • SHA256

    5b7559ef858b45a1aa79ed59ee28f0a8e4f117c07986f8ca6d5ed5df567a247c

  • SHA512

    8fb0f61707569bc690bc9be9c059412fd8febad20d86a1fd11587e365d971fcdd5febb9ba5bc058c75f902ee3504d52641b682817700b2b9cf5a4c26f3bdb4b7

Score
10/10
pandastealerspywarestealervmprotect

Malware Config

Signatures

  • Panda Stealer Payload 1 IoCs
  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

    stealerpandastealer
  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ccbb51f967e7942cd25210cf3f210e00.exe
    "C:\Users\Admin\AppData\Local\Temp\ccbb51f967e7942cd25210cf3f210e00.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1728

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1728-59-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1728-60-0x0000000000400000-0x0000000000C7B000-memory.dmp

    Filesize

    8.5MB

    Download

  • memory/1728-61-0x00000000753E1000-0x00000000753E3000-memory.dmp

    Filesize

    8KB

    Download