pandastealer | 7c3a055a28e49d10815df4079f6576451356e013d12113c19e03f32c5923e3f8 | Triage

Submit
Reports

Overview

overview

Static

static

8

7c3a055a28...f8.exe

windows7-x64

7c3a055a28...f8.exe

windows10-2004-x64

Sharing

General

Target

7c3a055a28e49d10815df4079f6576451356e013d12113c19e03f32c5923e3f8
Size

5.7MB
Sample

221125-lr8d7acd3t
MD5

10d95152032b35c3861c2f1b3fb701fc
SHA1

1f99925ed6de536af3ee86ebf0794b518f24ca2f
SHA256

7c3a055a28e49d10815df4079f6576451356e013d12113c19e03f32c5923e3f8
SHA512

2f234cce171ae6f6341e2740237553fe2b30f66bb7d5e7707159d437c0e129273ffa70317b74c7136f2864fb75f00f94f88854c423690d78fab3242159eece7a
SSDEEP

98304:k5uRVDojz+nDoihvKbKnLwsSZleNDP+oBlN05/te/3b/w/424y7Xbjn:kEXnDBhvuScsu87+oBl+JA3b/I1fjn

Score

10^/10

pandastealer spyware stealer vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7c3a055a28e49d10815df4079f6576451356e013d12113c19e03f32c5923e3f8.exe

Resource

win7-20221111-en

pandastealer spyware stealer vmprotect

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

7c3a055a28e49d10815df4079f6576451356e013d12113c19e03f32c5923e3f8.exe

Resource

win10v2004-20220901-en

pandastealer spyware stealer vmprotect

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

pandastealer

Version

1.11

C2

http://jsimsyjnko.000webhostapp.com

Targets

- Target
  
  7c3a055a28e49d10815df4079f6576451356e013d12113c19e03f32c5923e3f8
- Size
  
  5.7MB
- MD5
  
  10d95152032b35c3861c2f1b3fb701fc
- SHA1
  
  1f99925ed6de536af3ee86ebf0794b518f24ca2f
- SHA256
  
  7c3a055a28e49d10815df4079f6576451356e013d12113c19e03f32c5923e3f8
- SHA512
  
  2f234cce171ae6f6341e2740237553fe2b30f66bb7d5e7707159d437c0e129273ffa70317b74c7136f2864fb75f00f94f88854c423690d78fab3242159eece7a
- SSDEEP
  
  98304:k5uRVDojz+nDoihvKbKnLwsSZleNDP+oBlN05/te/3b/w/424y7Xbjn:kEXnDBhvuScsu87+oBl+JA3b/I1fjn
Score

10^/10

pandastealer spyware stealer vmprotect
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

pandastealerspywarestealervmprotect

behavioral2

pandastealerspywarestealervmprotect

© 2018-2024

Terms | Privacy