pandastealer | 7f9aae6bfb07e15dc9b5fcd99112b126d7b9539e8aa464122c6edb3ac37bd9de | Triage

Analysis

max time kernel
114s
max time network
123s
platform
windows10_x64
resource
win10-en-20211014
submitted
04/12/2021, 20:30

Sharing

Report Analysis Logs

General

Target

qEhdsdwe.exe
Size

695KB
MD5

fbdd484e09bde5c9c41688a09f6d541b
SHA1

aecd1ac02c0cd16e2f471510b9704b978ad93a98
SHA256

7f9aae6bfb07e15dc9b5fcd99112b126d7b9539e8aa464122c6edb3ac37bd9de
SHA512

c22a8c193c0683be202fbb9a9773d1380b6fde914ddfd2daff83f30c3294fa616791c5b8b5aa5611c92bad5349fcbddd7e1aaf95849e51035efa7c0050521cba

Score

10^/10

pandastealer stealer

Malware Config

Signatures

Panda Stealer Payload 3 IoCs

resource	yara_rule
behavioral1/memory/2340-115-0x0000000000400000-0x00000000004AE000-memory.dmp	family_pandastealer
behavioral1/memory/2340-120-0x000000000045E27E-mapping.dmp	family_pandastealer
behavioral1/memory/2340-121-0x0000000000400000-0x00000000004AE000-memory.dmp	family_pandastealer

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2640 set thread context of 2340	2640	qEhdsdwe.exe	69

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2340	RegSvcs.exe
2340	RegSvcs.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 2340	2640	qEhdsdwe.exe	69
PID 2640 wrote to memory of 2340	2640	qEhdsdwe.exe	69
PID 2640 wrote to memory of 2340	2640	qEhdsdwe.exe	69
PID 2640 wrote to memory of 2340	2640	qEhdsdwe.exe	69
PID 2640 wrote to memory of 2340	2640	qEhdsdwe.exe	69

C:\Users\Admin\AppData\Local\Temp\qEhdsdwe.exe
"C:\Users\Admin\AppData\Local\Temp\qEhdsdwe.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2340-115-0x0000000000400000-0x00000000004AE000-memory.dmp

Filesize
696KB

Download
memory/2340-121-0x0000000000400000-0x00000000004AE000-memory.dmp

Filesize
696KB

Download