pandastealer | 3cb4050544f22e9adfa49585866df8cd815344747bc74b82468faff4e36523f3 | Triage

Analysis

max time kernel
4294178s
max time network
126s
platform
windows7_x64
resource
win7-20220311-en
submitted
19/03/2022, 11:22 UTC

Sharing

Report Analysis Logs

General

Target

3cb4050544f22e9adfa49585866df8cd815344747bc74b82468faff4e36523f3.exe
Size

5.7MB
MD5

049f2156be0f3e4f27637def01bf4957
SHA1

bb18618c3129f5d164599b1e44bd59af08e986d0
SHA256

3cb4050544f22e9adfa49585866df8cd815344747bc74b82468faff4e36523f3
SHA512

64a736aab483face7679ecb70a1ccdcbf24d23cf15a6f892277d66d8c5c615e748302d63196e41597224dea0383090313f19cd6137d8ef5f4f7e9b0782e02d90

Score

10^/10

pandastealer stealer vmprotect

Malware Config

Signatures

Panda Stealer Payload 1 IoCs

resource	yara_rule
behavioral1/memory/892-58-0x0000000000100000-0x0000000000A9D000-memory.dmp	family_pandastealer

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral1/memory/892-58-0x0000000000100000-0x0000000000A9D000-memory.dmp	vmprotect

Program crash 1 IoCs

pid	pid_target	Process	procid_target
432	892	WerFault.exe	26

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
892	3cb4050544f22e9adfa49585866df8cd815344747bc74b82468faff4e36523f3.exe

C:\Users\Admin\AppData\Local\Temp\3cb4050544f22e9adfa49585866df8cd815344747bc74b82468faff4e36523f3.exe
"C:\Users\Admin\AppData\Local\Temp\3cb4050544f22e9adfa49585866df8cd815344747bc74b82468faff4e36523f3.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:892
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 136
  2⤵
  - Program crash
  PID:432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/892-54-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download
memory/892-56-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download
memory/892-58-0x0000000000100000-0x0000000000A9D000-memory.dmp

Filesize
9.6MB

Download
memory/892-59-0x0000000077300000-0x0000000077480000-memory.dmp

Filesize
1.5MB

Download