pandastealer | 1c41760f68b7a46f7c3a75a202a24ac5e7487fb7ae30db9e95d01c4ca7dee634

General

Target

1c41760f68b7a46f7c3a75a202a24ac5e7487fb7ae30db9e95d01c4ca7dee634.exe
Size

1.6MB
MD5

f1a70d656879dbdc6c3ce4f4fdfdb555
SHA1

9c9e1f1e03c0ae58cbe5cae2a2cb86847b3af653
SHA256

1c41760f68b7a46f7c3a75a202a24ac5e7487fb7ae30db9e95d01c4ca7dee634
SHA512

95f2903f99798903b0802408307345874e126b15b313f249becf87453edc1c3a38001d35c5ce40f0462cb2daf5fabe6a1c77a00b69d19d205c0b721eb32e0679

Score

10^/10

Panda Stealer Payload 4 IoCs

resource	yara_rule
behavioral1/memory/864-66-0x0000000000400000-0x00000000004AD000-memory.dmp	family_pandastealer
behavioral1/memory/864-68-0x0000000000400000-0x00000000004AD000-memory.dmp	family_pandastealer
behavioral1/memory/864-70-0x0000000000400000-0x00000000004AD000-memory.dmp	family_pandastealer
behavioral1/memory/864-72-0x0000000000400000-0x00000000004AD000-memory.dmp	family_pandastealer

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1792 set thread context of 864	1792	1c41760f68b7a46f7c3a75a202a24ac5e7487fb7ae30db9e95d01c4ca7dee634.exe	27

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1524	864	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1792	1c41760f68b7a46f7c3a75a202a24ac5e7487fb7ae30db9e95d01c4ca7dee634.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 864	1792	1c41760f68b7a46f7c3a75a202a24ac5e7487fb7ae30db9e95d01c4ca7dee634.exe	27
PID 1792 wrote to memory of 864	1792	1c41760f68b7a46f7c3a75a202a24ac5e7487fb7ae30db9e95d01c4ca7dee634.exe	27
PID 1792 wrote to memory of 864	1792	1c41760f68b7a46f7c3a75a202a24ac5e7487fb7ae30db9e95d01c4ca7dee634.exe	27
PID 1792 wrote to memory of 864	1792	1c41760f68b7a46f7c3a75a202a24ac5e7487fb7ae30db9e95d01c4ca7dee634.exe	27
PID 1792 wrote to memory of 864	1792	1c41760f68b7a46f7c3a75a202a24ac5e7487fb7ae30db9e95d01c4ca7dee634.exe	27
PID 1792 wrote to memory of 864	1792	1c41760f68b7a46f7c3a75a202a24ac5e7487fb7ae30db9e95d01c4ca7dee634.exe	27
PID 1792 wrote to memory of 864	1792	1c41760f68b7a46f7c3a75a202a24ac5e7487fb7ae30db9e95d01c4ca7dee634.exe	27
PID 1792 wrote to memory of 864	1792	1c41760f68b7a46f7c3a75a202a24ac5e7487fb7ae30db9e95d01c4ca7dee634.exe	27
PID 1792 wrote to memory of 864	1792	1c41760f68b7a46f7c3a75a202a24ac5e7487fb7ae30db9e95d01c4ca7dee634.exe	27
PID 1792 wrote to memory of 864	1792	1c41760f68b7a46f7c3a75a202a24ac5e7487fb7ae30db9e95d01c4ca7dee634.exe	27
PID 864 wrote to memory of 1524	864	mscorsvw.exe	28
PID 864 wrote to memory of 1524	864	mscorsvw.exe	28
PID 864 wrote to memory of 1524	864	mscorsvw.exe	28
PID 864 wrote to memory of 1524	864	mscorsvw.exe	28

memory/864-66-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/864-60-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/864-62-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/864-64-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/864-68-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/864-70-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/864-72-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/1792-55-0x0000000073FF0000-0x00000000746DE000-memory.dmp

Filesize
6.9MB

Download
memory/1792-56-0x0000000000390000-0x00000000003B0000-memory.dmp

Filesize
128KB

Download
memory/1792-57-0x00000000003D0000-0x00000000003F4000-memory.dmp

Filesize
144KB

Download
memory/1792-58-0x0000000004F60000-0x0000000004F61000-memory.dmp

Filesize
4KB

Download
memory/1792-59-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/1792-54-0x0000000000D90000-0x0000000000F38000-memory.dmp

Filesize
1.7MB

Download