General
Target

a605976f5e046096af71c8fbdc2fb494b8b0af7017d7e1e54ca2d542492d1c4b

Size

1MB

Sample

220418-lapkrahfdn

Score

10/10
MD5

04a783a64f41dad6086b9d88110dec8e

SHA1

8e01e6682475c62ae4ba56456002ff974598eeda

SHA256

a605976f5e046096af71c8fbdc2fb494b8b0af7017d7e1e54ca2d542492d1c4b

SHA512

6e6f1ae4c47919cf701ae3312286a45a680ad1c11f4239a0de6c8698fd74d20ae48b5fa4d2c7ccb2523d53e5427b1ea34976ef6081bf142ab75ebb1a9e6074b2

Malware Config
Targets
Target

a605976f5e046096af71c8fbdc2fb494b8b0af7017d7e1e54ca2d542492d1c4b

Signatures

  • Panda Stealer Payload

  • PandaStealer

    Description

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    TTPs

    Query Registry, Virtualization/Sandbox Evasion

  • Checks BIOS information in registry

    Description

    BIOS information is often read in order to detect sandboxing environments.

    TTPs

    Query Registry, System Information Discovery

  • Identifies Wine through registry keys

    Description

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    TTPs

    Query Registry, Virtualization/Sandbox Evasion

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System, Credentials in Files

  • Checks whether UAC is enabled

    TTPs

    System Information Discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

MITRE ATT&CK Matrix

Command and Control
Credential Access
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation

Tasks

static1

Score

N/A

behavioral1

Score

10/10

behavioral2

Score

10/10