General
-
Target
61363320425de4784c92e77c42fcd710526c3cbfefc21ac5119360f892e09cc5
-
Size
2.5MB
-
Sample
220319-sn3svscefk
-
MD5
ed08f49312feadd6690473e54ea2ebea
-
SHA1
3aac4c372c6fbef8370434ac97172ebd9f39e105
-
SHA256
61363320425de4784c92e77c42fcd710526c3cbfefc21ac5119360f892e09cc5
-
SHA512
9817fdf570e9334f649ec908f2d223803d449e62ba9793d35af8ce658551c7136e4d76f55daa01d540bbb1c0a3d021cd2af339c0d8c31b810acad9f1daac218e
Malware Config
Targets
-
-
Target
61363320425de4784c92e77c42fcd710526c3cbfefc21ac5119360f892e09cc5
-
Size
2.5MB
-
MD5
ed08f49312feadd6690473e54ea2ebea
-
SHA1
3aac4c372c6fbef8370434ac97172ebd9f39e105
-
SHA256
61363320425de4784c92e77c42fcd710526c3cbfefc21ac5119360f892e09cc5
-
SHA512
9817fdf570e9334f649ec908f2d223803d449e62ba9793d35af8ce658551c7136e4d76f55daa01d540bbb1c0a3d021cd2af339c0d8c31b810acad9f1daac218e
Score10/10-
Panda Stealer Payload
-
PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
-
Executes dropped EXE
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-