pandastealer | 5f593aa2cd5caba184fe408ce614c6c6efc98005758514d8415351b03156a43b

Analysis

max time kernel
47s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20-01-2023 13:55

Target

file.exe
Size

681KB
MD5

bd0c0d6642eaa618973b583c21dd996b
SHA1

80d439ff5c33e430709755e0378aad58e8c8b2cb
SHA256

5f593aa2cd5caba184fe408ce614c6c6efc98005758514d8415351b03156a43b
SHA512

938adb3dac6af7b12f4ec8e7fcd480bb7c0184a895e4c4b014f5473554e3ad957a8146f5f0b0b633c3394384012a84f60d503c45b12e853e2523c7efbcbbd10f
SSDEEP

12288:VoJqNIPtNmO6IOOEp0TMlja7NRl2PSVikIyoyueh+AkHcnLwuukoCOD6zlajOz+2:VoJEKZ6IEGTMxapRl2PSwHTehy6B5+p4

Score

10^/10

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1768	file.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1768

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/1768-54-0x0000000076961000-0x0000000076963000-memory.dmp

Filesize
8KB

Download