Analysis
-
max time kernel
131s -
max time network
135s -
platform
windows10-2004_x64 -
resource
win10v2004-20220310-en -
submitted
28-03-2022 21:01
General
-
Target
f7568b876220f09e36a56846ceb13604f98bcc1b6ba22201fb708c07cd071087.exe
-
Size
681KB
-
MD5
dd1dfb2adfb2c1d72938fa717f8c3b33
-
SHA1
d9b5cebd98b53554c3ffe6709d837cfd1e2ba0d5
-
SHA256
f7568b876220f09e36a56846ceb13604f98bcc1b6ba22201fb708c07cd071087
-
SHA512
2617040663ab8ad9c17d31ac4787edbff2be4f0cf36f104f1a5806f0a5f66c9fdb9947111efa559f20cc3003094c9b3283ef633cbd1a6496c1a37a356d2a52b3
Score
10/10
Malware Config
Signatures
-
PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 2 IoCs
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f7568b876220f09e36a56846ceb13604f98bcc1b6ba22201fb708c07cd071087.exe"C:\Users\Admin\AppData\Local\Temp\f7568b876220f09e36a56846ceb13604f98bcc1b6ba22201fb708c07cd071087.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k netsvcs -p1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Enumerates system info in registry