pandastealer | af83f9d7d6c5d0fd237ffb49bd4f8445a2b67804412675fa48af711561ba9ff0

Analysis

Target

build.bin.exe
Size

681KB
MD5

b8c1bef88b1e73360c271cd305824747
SHA1

9ded8f519e2b6db7ab544a107200a30c46b85993
SHA256

326c3a193954794ccabb524de45047f262a049198bf392172589a49ada0e5e93
SHA512

bf79bc6ab68a0b05521fffe44dd41e27f023d734a92a14e7cecfbbc98c03efb521a8159fb492f4e568c2b906b1ac63a59355dc536f4b9f73cdd5841b2cecb9f8

Score

10^/10

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4796	build.bin.exe
4796	build.bin.exe

C:\Users\Admin\AppData\Local\Temp\build.bin.exe
"C:\Users\Admin\AppData\Local\Temp\build.bin.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4796

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact