pandastealer | 71e5de30f627eacb124f9f11d7ba70de43997847e88a61e440593ef9fd776bab

Analysis

Target

fd047a74224274e29409c2b841c2b306.exe
Size

681KB
MD5

fd047a74224274e29409c2b841c2b306
SHA1

94067fbee35addbdb6cc1b330aa6746415382f4f
SHA256

71e5de30f627eacb124f9f11d7ba70de43997847e88a61e440593ef9fd776bab
SHA512

32ef07e7882efe5109e49b5f48e6dc46e068ffb5a9154c4b0be1456692ada2f3b1a3ea3a0857ad0d4257062f7eac5e9658d910776f359bb0b92f00de5d0c6a52

Score

10^/10

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1728	fd047a74224274e29409c2b841c2b306.exe

C:\Users\Admin\AppData\Local\Temp\fd047a74224274e29409c2b841c2b306.exe
"C:\Users\Admin\AppData\Local\Temp\fd047a74224274e29409c2b841c2b306.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1728

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/1728-60-0x0000000075161000-0x0000000075163000-memory.dmp

Filesize
8KB

Download