Analysis
max time kernel: 9s
max time network: 14s
platform: windows7_x64
resource: win7v20210408
submitted: 30-07-2021 15:29
Static task: static1
Behavioral task: behavioral1
  Sample: 04a3b0f970d1689d6c1d6859c81ef3f41f1a503baf4275188e848548b2669950.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: 04a3b0f970d1689d6c1d6859c81ef3f41f1a503baf4275188e848548b2669950.exe
  Resource: win10v20210410
General
Target: 04a3b0f970d1689d6c1d6859c81ef3f41f1a503baf4275188e848548b2669950.exe
Size: 5.7MB
MD5: 571d311fc434e77de22206602a9131d3
SHA1: 9b661c437983b9f903bf1d388e1d789b405af238
SHA256: 04a3b0f970d1689d6c1d6859c81ef3f41f1a503baf4275188e848548b2669950
SHA512: bbefbdee9fe118793e7a9c9856c13d9bb8e67eb19d6f4c67f9aa5ffe8f8cf7198fa5e0489fc5fdbb1f8dd6064f875f3cb21a5c41b70b3b8f01ded27440e75764
Malware Config
Signatures

Panda Stealer Payload (1 IoC)
Processes:
  resource: behavioral1/memory/1840-61-0x0000000000260000-0x0000000000C01000-memory.dmp
  yara_rule: family_pandastealer

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.

YARA rule match: vmprotect
The same in-memory region that matched family_pandastealer also matched the vmprotect rule, so the dumped image carries VMProtect markers alongside the Panda Stealer payload. Both matches are reported against a memory dump taken from pid 1840 rather than against the file on disk, so a file-based YARA scan of the 5.7MB sample may not trigger either rule; scan the unpacked memory region instead.
Processes:
  resource: behavioral1/memory/1840-61-0x0000000000260000-0x0000000000C01000-memory.dmp
  yara_rule: vmprotect
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials, cookies, session tokens and autofill data.

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
  pid   process
  1840  04a3b0f970d1689d6c1d6859c81ef3f41f1a503baf4275188e848548b2669950.exe
  1840  04a3b0f970d1689d6c1d6859c81ef3f41f1a503baf4275188e848548b2669950.exe
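The two things an analyst usually does first with a report like this are to tie a retrieved sample back to the published digests and to work out what the memory-dump identifier in the YARA matches refers to. The helper below is an added example, not part of the original report and not the sandbox's own tooling. It parses identifiers of the form behavioral1/memory/1840-61-0x0000000000260000-0x0000000000C01000-memory.dmp and recomputes MD5, SHA-1, SHA-256 and SHA-512 over a file's bytes against the values in the General section. The report confirms that 1840 is the pid; reading the remaining fields as a dump index and the start and end addresses of the dumped region is an assumption, and the placeholder bytes in the usage section are constructed, not the real sample.

```python
"""Added helper for reading a sandbox report of the shape shown above.

Not the sandbox's own code. The dump-name field layout (pid-index-start-end)
is assumed; only the pid is confirmed by the report's process table.
"""
import hashlib
import re
from dataclasses import dataclass

# Digests published in the General section of the report.
REPORT_HASHES = {
    "md5": "571d311fc434e77de22206602a9131d3",
    "sha1": "9b661c437983b9f903bf1d388e1d789b405af238",
    "sha256": "04a3b0f970d1689d6c1d6859c81ef3f41f1a503baf4275188e848548b2669950",
    "sha512": "bbefbdee9fe118793e7a9c9856c13d9bb8e67eb19d6f4c67f9aa5ffe8f8cf7198"
              "fa5e0489fc5fdbb1f8dd6064f875f3cb21a5c41b70b3b8f01ded27440e75764",
}

_DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<index>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class MemoryDump:
    task: str
    pid: int
    index: int   # assumed: per-process dump sequence number
    start: int   # assumed: base address of the dumped region
    end: int     # assumed: end address of the dumped region (exclusive)

    @property
    def size(self) -> int:
        """Length of the dumped region in bytes."""
        return self.end - self.start


def parse_dump_name(name: str) -> MemoryDump:
    """Parse <task>/memory/<pid>-<index>-<start>-<end>-memory.dmp."""
    m = _DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump identifier: {name!r}")
    return MemoryDump(
        task=m["task"],
        pid=int(m["pid"]),
        index=int(m["index"]),
        start=int(m["start"], 16),
        end=int(m["end"], 16),
    )


def digests(data: bytes) -> dict:
    """Return the four digests the report publishes, hex encoded."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def hash_mismatches(data: bytes, expected: dict) -> list:
    """Sorted names of digests in `expected` that do not match `data`.

    An empty list means every published digest matches, i.e. the bytes are
    the sample this report describes.
    """
    actual = digests(data)
    return sorted(name for name, value in expected.items()
                  if actual.get(name) != value.lower())


if __name__ == "__main__":
    dump = parse_dump_name(
        "behavioral1/memory/1840-61-0x0000000000260000-0x0000000000C01000-memory.dmp"
    )
    print(f"pid={dump.pid} region=0x{dump.start:x}-0x{dump.end:x} "
          f"size={dump.size / 1048576:.1f} MiB")
    # Constructed stand-in bytes; with a real sample, read the file instead.
    sample = b"constructed placeholder, not the real sample"
    print("mismatching digests:", hash_mismatches(sample, REPORT_HASHES))
```

Under the assumed field layout the matched region spans 0x260000 to 0xC01000, about 9.6 MiB, which is larger than the 5.7MB file on disk; that is consistent with a protected image expanding once it runs and is one reason the YARA hits are reported on a memory dump rather than on the file.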