General

Target: svchost.exe
Size: 1MB
Sample: 220609-phacksccg2
Score: 10/10
MD5: f86af47d52c3cd035c137d3a3097d06f
SHA1: 5ec629884fea63bb82e2dffa441dca353d5f80e4
SHA256: eb977a803d155ea25837fa400dff81e8336746e6ed9f563cfaee92a544104705
SHA512: 5f39928faa0fb04f2abc80565eea16d3522073768e5acf729619a8d0cc549199826193b2eef1eb8d5dd0c664461522748c5b2c1c3568ffb0a0b851ec29ffc04e

Malware Config

Extracted

Family: pandastealer
Version: 1.11
C2: http://asdqwezxc.ru.xsph.ru

Targets

Target: svchost.exe (same sample, size, score and hashes as listed under General)

Signatures

  • Panda Stealer Payload

  • PandaStealer
    Description: Panda Stealer is a fork of CollectorProject Stealer written in C++.

  • suricata: ET MALWARE Win32/CollectorStealer CnC Exfil M3
    Description: Suricata alert from the Emerging Threats rule set matching CollectorStealer command-and-control exfiltration traffic (rule variant M3).

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials and other sensitive data.
    TTPs: Data from Local System; Credentials in Files

  • Suspicious use of NtSetInformationThreadHideFromDebugger
    Description: Calling NtSetInformationThread with the ThreadHideFromDebugger information class hides the calling thread from an attached debugger, a common anti-analysis technique.

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1: Score N/A
behavioral1: Score 10/10
behavioral2: Score 10/10