Analysis

  • max time kernel
    9s
  • max time network
    14s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    30-07-2021 15:29

General

  • Target

    04a3b0f970d1689d6c1d6859c81ef3f41f1a503baf4275188e848548b2669950.exe

  • Size

    5.7MB

  • MD5

    571d311fc434e77de22206602a9131d3

  • SHA1

    9b661c437983b9f903bf1d388e1d789b405af238

  • SHA256

    04a3b0f970d1689d6c1d6859c81ef3f41f1a503baf4275188e848548b2669950

  • SHA512

    bbefbdee9fe118793e7a9c9856c13d9bb8e67eb19d6f4c67f9aa5ffe8f8cf7198fa5e0489fc5fdbb1f8dd6064f875f3cb21a5c41b70b3b8f01ded27440e75764

Malware Config

Signatures

  • Panda Stealer Payload (1 IoC)
  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

  • VMProtect packed file (1 IoC)

    Detects executables packed with the VMProtect commercial packer.

  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials.

  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
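The "VMProtect packed file" signature above is a static check on the executable. The following is an added example, not the sandbox's own signature logic and not code from the report: it parses the PE section table with only the Python standard library and reports the two traits analysts usually key on for VMProtect, the characteristic `.vmp0`/`.vmp1` section names and sections whose byte entropy approaches 8 bits per byte. The entropy threshold, the helper names and the synthetic PE image built by `build_fake_pe` are assumptions made for the demonstration; run `vmprotect_indicators` on the real sample bytes to apply it.

```python
"""Heuristic VMProtect check for PE files (added example, stdlib only)."""
import math
import struct
from collections import Counter

VMP_PREFIX = b".vmp"   # VMProtect's default section-name prefix
HIGH_ENTROPY = 7.0     # assumed threshold; packed/encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image: bytes):
    """Yield (name, raw_bytes) for each section in a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    nsect = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + opt_size          # section table follows optional header
    for i in range(nsect):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", image, table + i * 40)
        yield name.rstrip(b"\0"), image[raw_ptr:raw_ptr + raw_size]


def vmprotect_indicators(image: bytes) -> dict:
    """Summarise section names and per-section entropy for a PE image."""
    names, entropies = [], {}
    for name, data in pe_sections(image):
        names.append(name)
        entropies[name] = shannon_entropy(data)
    vmp = [n for n in names if n.startswith(VMP_PREFIX)]
    packed = [n for n, e in entropies.items() if e >= HIGH_ENTROPY]
    return {
        "sections": names,
        "entropy": entropies,
        "vmp_sections": vmp,
        "high_entropy_sections": packed,
        "likely_vmprotect": bool(vmp),
    }


def build_fake_pe(sections):
    """Construct a minimal PE32 image (assumption: just enough for the parser).

    sections: list of (name, raw_bytes). Constructed test input, not a real binary.
    """
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table_start = 0x40 + 4 + len(coff) + len(opt)
    raw_ptr = (table_start + 40 * len(sections) + 0x1FF) & ~0x1FF  # 512-byte align
    headers, body, va = bytearray(), bytearray(), 0x1000
    for name, data in sections:
        headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), va,
                               len(data), raw_ptr + len(body), 0, 0, 0, 0, 0x60000020)
        body += data
        va += (len(data) + 0xFFF) & ~0xFFF
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(headers)
    return image + b"\0" * (raw_ptr - len(image)) + bytes(body)


# Constructed sample: a low-entropy .text stub plus a high-entropy .vmp0 section.
SAMPLE_PE = build_fake_pe([
    (b".text", b"\x90" * 512 + b"\xc3"),
    (b".vmp0", bytes(range(256)) * 4),
])
REPORT = vmprotect_indicators(SAMPLE_PE)

if __name__ == "__main__":
    for key, value in REPORT.items():
        print(f"{key}: {value}")
```

Section names are the cheapest signal and the easiest for a packer user to change, so treat a `.vmp*` hit as strong but its absence as inconclusive; a near-8.0 entropy section alongside a tiny `.text` is the complementary hint, and the sandbox's own signature remains the authoritative verdict for this sample.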

Processes

  • C:\Users\Admin\AppData\Local\Temp\04a3b0f970d1689d6c1d6859c81ef3f41f1a503baf4275188e848548b2669950.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\04a3b0f970d1689d6c1d6859c81ef3f41f1a503baf4275188e848548b2669950.exe"
    PID: 1840
    • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/1840-61-0x0000000000260000-0x0000000000C01000-memory.dmp (9.6MB)
  • memory/1840-62-0x0000000000070000-0x0000000000071000-memory.dmp (4KB)
  • memory/1840-63-0x0000000074D91000-0x0000000074D93000-memory.dmp (8KB)