pandastealer | f7568b876220f09e36a56846ceb13604f98bcc1b6ba22201fb708c07cd071087

Analysis

Target

f7568b876220f09e36a56846ceb13604f98bcc1b6ba22201fb708c07cd071087.exe
Size

681KB
MD5

dd1dfb2adfb2c1d72938fa717f8c3b33
SHA1

d9b5cebd98b53554c3ffe6709d837cfd1e2ba0d5
SHA256

f7568b876220f09e36a56846ceb13604f98bcc1b6ba22201fb708c07cd071087
SHA512

2617040663ab8ad9c17d31ac4787edbff2be4f0cf36f104f1a5806f0a5f66c9fdb9947111efa559f20cc3003094c9b3283ef633cbd1a6496c1a37a356d2a52b3

Score

10^/10

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
580	f7568b876220f09e36a56846ceb13604f98bcc1b6ba22201fb708c07cd071087.exe

C:\Users\Admin\AppData\Local\Temp\f7568b876220f09e36a56846ceb13604f98bcc1b6ba22201fb708c07cd071087.exe
"C:\Users\Admin\AppData\Local\Temp\f7568b876220f09e36a56846ceb13604f98bcc1b6ba22201fb708c07cd071087.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:580

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/580-54-0x0000000075561000-0x0000000075563000-memory.dmp

Filesize
8KB

Download