Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/01/2023, 15:19 UTC

General

  • Target

    50c1e8df73c95943551d862ac8e58ff6a064a3b17cbc841d97589cb1a2e51376.exe

  • Size

    5.7MB

  • MD5

    b318c432e7e6baab2d606df72aed7eff

  • SHA1

    4fa94dc9e67d7d27097b4f1699a65767f728eb8d

  • SHA256

    50c1e8df73c95943551d862ac8e58ff6a064a3b17cbc841d97589cb1a2e51376

  • SHA512

    190fad1ac03fff9b5e3270c1442900b43bc2a95ddc34b3969bf82dbb2f63f0f1eced2126d0f3947128fb504154982f48acf2c16e09312c5a3bc6b2cc16f6e5b0

  • SSDEEP

    98304:gi3r5p6X9ns1Os7qxPniZb7Ieiqs9DCRKOypL7SxMeSiyDM/qW:h3ruy/W5niuei/9DCRKOOuxMx+q

Malware Config

Signatures

  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\50c1e8df73c95943551d862ac8e58ff6a064a3b17cbc841d97589cb1a2e51376.exe
    "C:\Users\Admin\AppData\Local\Temp\50c1e8df73c95943551d862ac8e58ff6a064a3b17cbc841d97589cb1a2e51376.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1224

Network

  • DNS
    collector-node.us
    50c1e8df73c95943551d862ac8e58ff6a064a3b17cbc841d97589cb1a2e51376.exe
    Remote address:
    8.8.8.8:53
    Request
    collector-node.us
    IN A
    Response
  • DNS
    collector-node.us
    50c1e8df73c95943551d862ac8e58ff6a064a3b17cbc841d97589cb1a2e51376.exe
    Remote address:
    8.8.8.8:53
    Request
    collector-node.us
    IN A
    Response
  • DNS
    collector-steal.ga
    50c1e8df73c95943551d862ac8e58ff6a064a3b17cbc841d97589cb1a2e51376.exe
    Remote address:
    8.8.8.8:53
    Request
    collector-steal.ga
    IN A
    Response
  • DNS
    96.108.152.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    96.108.152.52.in-addr.arpa
    IN PTR
    Response
  • DNS
    106.89.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    106.89.54.20.in-addr.arpa
    IN PTR
    Response
  • DNS
    0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
    IN PTR
    Response
  • 93.184.221.240:80
    260 B
    5
  • 93.184.220.29:80
    322 B
    7
  • 93.184.220.29:80
    322 B
    7
  • 93.184.221.240:80
    46 B
    40 B
    1
    1
  • 52.109.77.2:443
    40 B
    1
  • 93.184.221.240:80
    322 B
    7
  • 93.184.221.240:80
    322 B
    7
  • 20.189.173.10:443
    322 B
    7
  • 93.184.221.240:80
    260 B
    5
  • 93.184.221.240:80
    260 B
    5
  • 93.184.221.240:80
    156 B
    3
  • 8.8.8.8:53
    collector-node.us
    dns
    50c1e8df73c95943551d862ac8e58ff6a064a3b17cbc841d97589cb1a2e51376.exe
    126 B
    252 B
    2
    2

    DNS Request

    collector-node.us

    DNS Request

    collector-node.us

  • 8.8.8.8:53
    collector-steal.ga
    dns
    50c1e8df73c95943551d862ac8e58ff6a064a3b17cbc841d97589cb1a2e51376.exe
    64 B
    122 B
    1
    1

    DNS Request

    collector-steal.ga

  • 8.8.8.8:53
    96.108.152.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    96.108.152.52.in-addr.arpa

  • 8.8.8.8:53
    106.89.54.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    106.89.54.20.in-addr.arpa

  • 8.8.8.8:53
    0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
    dns
    118 B
    204 B
    1
    1

    DNS Request

    0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1224-132-0x0000000000EA0000-0x0000000001847000-memory.dmp

    Filesize

    9.7MB

  • memory/1224-135-0x0000000000EA0000-0x0000000001847000-memory.dmp

    Filesize

    9.7MB

  • memory/1224-136-0x0000000000EA0000-0x0000000001847000-memory.dmp

    Filesize

    9.7MB

  • memory/1224-137-0x0000000000EA0000-0x0000000001847000-memory.dmp

    Filesize

    9.7MB
