pandastealer | f0dc61d1e7bcdb7bb9d521538db9f4380ebb382f8dec8629433b3181c8b42b8a

Analysis

max time kernel
75s
max time network
152s
platform
windows10_x64
resource
win10-en-20211208
submitted
10-01-2022 12:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7253e37821a58f94999228a8d8655e9c.exe
Size

1.2MB
MD5

7253e37821a58f94999228a8d8655e9c
SHA1

3a5d828823e6c05e996e0227a97d85a63edc4ad1
SHA256

f0dc61d1e7bcdb7bb9d521538db9f4380ebb382f8dec8629433b3181c8b42b8a
SHA512

f0053ea7526d37e5d6c0bdb8d945e984278a4ca67ab19f50efb90203c86337f18188786ada105cb214346d6fd7cc99c0d0ac3776e2e18acd105591d50f99a217

Score

10^/10

pandastealer spyware stealer

Malware Config

Signatures

Panda Stealer Payload 3 IoCs

resource	yara_rule
behavioral2/memory/712-116-0x0000000000BA0000-0x0000000000CAF000-memory.dmp	family_pandastealer
behavioral2/memory/712-119-0x0000000000BA0000-0x0000000000CAF000-memory.dmp	family_pandastealer
behavioral2/memory/712-120-0x0000000000BA0000-0x0000000000CAF000-memory.dmp	family_pandastealer

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
712	7253e37821a58f94999228a8d8655e9c.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
712	7253e37821a58f94999228a8d8655e9c.exe
712	7253e37821a58f94999228a8d8655e9c.exe
712	7253e37821a58f94999228a8d8655e9c.exe
712	7253e37821a58f94999228a8d8655e9c.exe

C:\Users\Admin\AppData\Local\Temp\7253e37821a58f94999228a8d8655e9c.exe
"C:\Users\Admin\AppData\Local\Temp\7253e37821a58f94999228a8d8655e9c.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:712

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/712-115-0x0000000000BA0000-0x0000000000CAF000-memory.dmp

Filesize
1.1MB

Download
memory/712-116-0x0000000000BA0000-0x0000000000CAF000-memory.dmp

Filesize
1.1MB

Download
memory/712-117-0x0000000000650000-0x000000000079A000-memory.dmp

Filesize
1.3MB

Download
memory/712-118-0x0000000000780000-0x0000000000782000-memory.dmp

Filesize
8KB

Download
memory/712-119-0x0000000000BA0000-0x0000000000CAF000-memory.dmp

Filesize
1.1MB

Download
memory/712-120-0x0000000000BA0000-0x0000000000CAF000-memory.dmp

Filesize
1.1MB

Download
memory/712-121-0x0000000073C60000-0x0000000073E22000-memory.dmp

Filesize
1.8MB

Download
memory/712-122-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-124-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-123-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-125-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-126-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-127-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-128-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-129-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-130-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-131-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-132-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-133-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-134-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-135-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-136-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-137-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-138-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-139-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-140-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-141-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-142-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-143-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-144-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-145-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-146-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-147-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-148-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-149-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-150-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-151-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-152-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-153-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-154-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-155-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-156-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-157-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-158-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-159-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-160-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-161-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-162-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-163-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-164-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-165-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-166-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-167-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-168-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-169-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-170-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-171-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-172-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-173-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-174-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-175-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-176-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-177-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-178-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download
memory/712-179-0x0000000000BA1000-0x0000000000C27000-memory.dmp

Filesize
536KB

Download