Overview

overview

10

Static

static

10

btwGaban.exe

windows7_x64

10

btwGaban.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    92s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    08-06-2022 07:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    btwGaban.exe

  • Size

    681KB

  • MD5

    79a7debc04b66da7592ef55b768e46b4

  • SHA1

    c71876635a7dbda629302a388fd36a0ee7c4ebd5

  • SHA256

    7b8253ce462a3a1f6efcb7a7d27b8320751e90db7afd4846545d8e823bb8953e

  • SHA512

    49cb6f1ab6ca897d346a35c7d6ef4b17b3c2afbbc974cff64f216bf6baa6cb89d529afc88f745699eaf244e24a143a580edc28c5baf0c3fa285d62a197f10e5b

Score
10/10
pandastealerspywarestealersuricata

Malware Config

Signatures

  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

    stealerpandastealer
  • suricata: ET MALWARE Win32/CollectorStealer CnC Exfil M3

    suricata: ET MALWARE Win32/CollectorStealer CnC Exfil M3

    suricata
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\btwGaban.exe
    "C:\Users\Admin\AppData\Local\Temp\btwGaban.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1564

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads