Analysis
-
max time kernel
38s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
09-06-2022 12:19
Static task
static1
Behavioral task
behavioral1
Sample
svchost.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
svchost.exe
Resource
win10v2004-20220414-en
General
-
Target
svchost.exe
-
Size
1.4MB
-
MD5
f86af47d52c3cd035c137d3a3097d06f
-
SHA1
5ec629884fea63bb82e2dffa441dca353d5f80e4
-
SHA256
eb977a803d155ea25837fa400dff81e8336746e6ed9f563cfaee92a544104705
-
SHA512
5f39928faa0fb04f2abc80565eea16d3522073768e5acf729619a8d0cc549199826193b2eef1eb8d5dd0c664461522748c5b2c1c3568ffb0a0b851ec29ffc04e
Malware Config
Extracted
pandastealer
1.11
http://asdqwezxc.ru.xsph.ru
Signatures
-
Panda Stealer Payload 4 IoCs
resource yara_rule behavioral1/memory/1984-56-0x0000000001170000-0x0000000001587000-memory.dmp family_pandastealer behavioral1/memory/1984-57-0x0000000001170000-0x0000000001587000-memory.dmp family_pandastealer behavioral1/memory/1984-58-0x0000000001170000-0x0000000001587000-memory.dmp family_pandastealer behavioral1/memory/1984-59-0x0000000001170000-0x0000000001587000-memory.dmp family_pandastealer -
PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
-
suricata: ET MALWARE Win32/CollectorStealer CnC Exfil M3
suricata: ET MALWARE Win32/CollectorStealer CnC Exfil M3
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
pid Process 1984 svchost.exe 1984 svchost.exe 1984 svchost.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 1984 svchost.exe 1984 svchost.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1984 svchost.exe