Overview

overview

10

Static

static

10

881ecae6e1...89.exe

windows7_x64

10

881ecae6e1...89.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    4294178s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20220311-en
  • submitted
    28-03-2022 19:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    881ecae6e1d75a8d9b4b2a33ed0c9eb9bbdd0a4a4e5efd28ed9d4bb75bc3dd89.exe

  • Size

    1.9MB

  • MD5

    5284725757caecb744665f5bf9875ee2

  • SHA1

    4e0a1115d4013796b44d952fce4fdc5d15c988e4

  • SHA256

    881ecae6e1d75a8d9b4b2a33ed0c9eb9bbdd0a4a4e5efd28ed9d4bb75bc3dd89

  • SHA512

    a0fe991673fba03b45ada2f04601f24bd8e921526ef911836d57c78fd2a2780d98ac7a1b6ce7056a3bdcc27b30d6aea1e081ffae6c4b8f0f9909abbaa375b6af

Score
10/10
pandastealerspywarestealervmprotect

Malware Config

Signatures

  • Panda Stealer Payload 2 IoCs
  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

    stealerpandastealer
  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\881ecae6e1d75a8d9b4b2a33ed0c9eb9bbdd0a4a4e5efd28ed9d4bb75bc3dd89.exe
    "C:\Users\Admin\AppData\Local\Temp\881ecae6e1d75a8d9b4b2a33ed0c9eb9bbdd0a4a4e5efd28ed9d4bb75bc3dd89.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:1936

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1936-54-0x0000000000EF0000-0x0000000001232000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1936-56-0x0000000000EF0000-0x0000000001232000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1936-57-0x00000000759B1000-0x00000000759B3000-memory.dmp

    Filesize

    8KB

    Download