pandastealer | ca322f6d0db4e99ec9df55fa02ba3ef49557ce5ee932e44888a687418a91fbc4

Analysis

Target

2.exe
Size

681KB
MD5

ef7fe4b7b3228cd6489817ec4fd9dffa
SHA1

d913aa1d8028bf6e02a240b7c07d8638757af7fc
SHA256

ca322f6d0db4e99ec9df55fa02ba3ef49557ce5ee932e44888a687418a91fbc4
SHA512

c2f951b0a1098a93713b66bc735df52ac52793f9ecb98f0ad425f372cd13eadc430db0e733a33b9bd76986bfb6a28ba1676da565e84094ed3a68c7aaad1d8833

Score

10^/10

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4428	2.exe
4428	2.exe

C:\Users\Admin\AppData\Local\Temp\2.exe
"C:\Users\Admin\AppData\Local\Temp\2.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4428

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact