Analysis
-
max time kernel
148s -
max time network
175s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
09-06-2022 12:19
Static task
static1
Behavioral task
behavioral1
Sample
svchost.exe
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
svchost.exe
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
svchost.exe
-
Size
1.4MB
-
MD5
f86af47d52c3cd035c137d3a3097d06f
-
SHA1
5ec629884fea63bb82e2dffa441dca353d5f80e4
-
SHA256
eb977a803d155ea25837fa400dff81e8336746e6ed9f563cfaee92a544104705
-
SHA512
5f39928faa0fb04f2abc80565eea16d3522073768e5acf729619a8d0cc549199826193b2eef1eb8d5dd0c664461522748c5b2c1c3568ffb0a0b851ec29ffc04e
Score
10/10
Malware Config
Extracted
Family
pandastealer
Version
1.11
C2
http://asdqwezxc.ru.xsph.ru
Signatures
-
Panda Stealer Payload 2 IoCs
resource yara_rule behavioral2/memory/2068-134-0x0000000000D80000-0x0000000001197000-memory.dmp family_pandastealer behavioral2/memory/2068-135-0x0000000000D80000-0x0000000001197000-memory.dmp family_pandastealer -
PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 7 IoCs
pid Process 2068 svchost.exe 2068 svchost.exe 2068 svchost.exe 2068 svchost.exe 2068 svchost.exe 2068 svchost.exe 2068 svchost.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 2068 svchost.exe 2068 svchost.exe 2068 svchost.exe 2068 svchost.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2068 svchost.exe