General

  • Target

    svchost.exe

  • Size

    1.4MB

  • Sample

    220609-pf2n2scce3

  • MD5

    f86af47d52c3cd035c137d3a3097d06f

  • SHA1

    5ec629884fea63bb82e2dffa441dca353d5f80e4

  • SHA256

    eb977a803d155ea25837fa400dff81e8336746e6ed9f563cfaee92a544104705

  • SHA512

    5f39928faa0fb04f2abc80565eea16d3522073768e5acf729619a8d0cc549199826193b2eef1eb8d5dd0c664461522748c5b2c1c3568ffb0a0b851ec29ffc04e

Malware Config

Extracted

Family

pandastealer

Version

1.11

C2

http://asdqwezxc.ru.xsph.ru

Targets

    • Target

      svchost.exe

    • Size

      1.4MB

    • MD5

      f86af47d52c3cd035c137d3a3097d06f

    • SHA1

      5ec629884fea63bb82e2dffa441dca353d5f80e4

    • SHA256

      eb977a803d155ea25837fa400dff81e8336746e6ed9f563cfaee92a544104705

    • SHA512

      5f39928faa0fb04f2abc80565eea16d3522073768e5acf729619a8d0cc549199826193b2eef1eb8d5dd0c664461522748c5b2c1c3568ffb0a0b851ec29ffc04e

    • Panda Stealer Payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

    • suricata: ET MALWARE Win32/CollectorStealer CnC Exfil M3

      suricata: ET MALWARE Win32/CollectorStealer CnC Exfil M3

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks