pandastealer | 2e9dc6ff8304991e933824b25ecd46082eafabe3d8a3f2e19f6608c147b20b49

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-09-2022 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

129d13a1399065a46b8fc48b4f9252285ef592e4f96b15b2238b44cca1646f10.exe
Size

681KB
MD5

7aa52a13fa4cd67258a81acb18bec8ad
SHA1

146377332b9bade3a1512326b385f8950004d25f
SHA256

129d13a1399065a46b8fc48b4f9252285ef592e4f96b15b2238b44cca1646f10
SHA512

11de25de8273964b84e52ec7862ea19b6e01eb5e5147a6113cd5a092e0b7356c9d8540e94ec38448753a8bf8c0f62cabd4af585dafebbf54d749c2a9acbc4a7f
SSDEEP

12288:VoJqNIPtNmO6IOOEp0TMlja7NRl2PSVikIyoyueh+AkHcnLwuukoCOD6zlfjOz+2:VoJEKZ6IEGTMxapRl2PSwHTehy6BU+p4

Score

10^/10

pandastealer spyware stealer

Malware Config

Signatures

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

129d13a1399065a46b8fc48b4f9252285ef592e4f96b15b2238b44cca1646f10.exe

pid process

1956 129d13a1399065a46b8fc48b4f9252285ef592e4f96b15b2238b44cca1646f10.exe

pid	process
1956	129d13a1399065a46b8fc48b4f9252285ef592e4f96b15b2238b44cca1646f10.exe

C:\Users\Admin\AppData\Local\Temp\129d13a1399065a46b8fc48b4f9252285ef592e4f96b15b2238b44cca1646f10.exe
"C:\Users\Admin\AppData\Local\Temp\129d13a1399065a46b8fc48b4f9252285ef592e4f96b15b2238b44cca1646f10.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1956

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1956-54-0x0000000075141000-0x0000000075143000-memory.dmp

Filesize
8KB

Download