Malware sandboxing report by Hatching Triage

Target

a605976f5e046096af71c8fbdc2fb494b8b0af7017d7e1e54ca2d542492d1c4b

Size

1MB

Sample

220418-lapkrahfdn

Score

10^/10

MD5

04a783a64f41dad6086b9d88110dec8e

SHA1

8e01e6682475c62ae4ba56456002ff974598eeda

SHA256

a605976f5e046096af71c8fbdc2fb494b8b0af7017d7e1e54ca2d542492d1c4b

SHA512

6e6f1ae4c47919cf701ae3312286a45a680ad1c11f4239a0de6c8698fd74d20ae48b5fa4d2c7ccb2523d53e5427b1ea34976ef6081bf142ab75ebb1a9e6074b2

Target

a605976f5e046096af71c8fbdc2fb494b8b0af7017d7e1e54ca2d542492d1c4b

MD5

04a783a64f41dad6086b9d88110dec8e

Filesize

1MB

Score

10^/10

SHA1

8e01e6682475c62ae4ba56456002ff974598eeda

SHA256

a605976f5e046096af71c8fbdc2fb494b8b0af7017d7e1e54ca2d542492d1c4b

SHA512

6e6f1ae4c47919cf701ae3312286a45a680ad1c11f4239a0de6c8698fd74d20ae48b5fa4d2c7ccb2523d53e5427b1ea34976ef6081bf142ab75ebb1a9e6074b2

Signatures

Panda Stealer Payload
PandaStealer
Description

Panda Stealer is a fork of CollectorProject Stealer written in C++.
Tags

stealer pandastealer
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Tags

evasion

TTPs

Query RegistryVirtualization/Sandbox Evasion
Checks BIOS information in registry
Description

BIOS information is often read in order to detect sandboxing environments.
TTPs

Query RegistrySystem Information Discovery
Identifies Wine through registry keys
Description

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
Tags

evasion

TTPs

Query RegistryVirtualization/Sandbox Evasion
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Checks whether UAC is enabled
Tags

evasion trojan

TTPs

System Information Discovery
Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

behavioral1 behavioral2

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Virtualization/Sandbox Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

Score

N/A

behavioral1

pandastealer evasion spyware stealer trojan

Score

10^/10

behavioral2

pandastealer evasion spyware stealer trojan

Score

10^/10

Tags

Signatures

Panda Stealer Payload

PandaStealer

Description

Tags

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Tags

TTPs

Checks BIOS information in registry

Description

TTPs

Identifies Wine through registry keys

Description

Tags

TTPs

Reads user/profile data of web browsers

Description

Tags

TTPs

Checks whether UAC is enabled

Tags

TTPs

Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

static1

behavioral1

behavioral2