pandastealer | 27a9023efb80dcfb56b17dad33c6aa61535ed5a2f91ba7c8a15ffacaa7a00ad0

Analysis

Target

27a9023efb80dcfb56b17dad33c6aa61535ed5a2f91ba7c8a15ffacaa7a00ad0.exe
Size

349KB
MD5

166fc80622122cee7b94d4c317f70ee8
SHA1

a25135887c345d1952b0634643cc78db00b0344d
SHA256

27a9023efb80dcfb56b17dad33c6aa61535ed5a2f91ba7c8a15ffacaa7a00ad0
SHA512

13beab7e458a6966edf127ea37170afd9570b7669243bf990193253eaf5d7c3b43ae6d94be0f1eedd0e9dea108db2da3ce4909a025993565ca9a93ef0351c3f1

Score

10^/10

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
948	27a9023efb80dcfb56b17dad33c6aa61535ed5a2f91ba7c8a15ffacaa7a00ad0.exe

C:\Users\Admin\AppData\Local\Temp\27a9023efb80dcfb56b17dad33c6aa61535ed5a2f91ba7c8a15ffacaa7a00ad0.exe
"C:\Users\Admin\AppData\Local\Temp\27a9023efb80dcfb56b17dad33c6aa61535ed5a2f91ba7c8a15ffacaa7a00ad0.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:948

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/948-54-0x0000000074F21000-0x0000000074F23000-memory.dmp

Filesize
8KB

Download