Overview

overview

10

Static

static

8

e265876e7f...36.exe

windows7-x64

10

e265876e7f...36.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e265876e7f41deaad3ee465d837b94ea7d3e214fa9e2bcfd7bbfe0431c0d5336

  • Size

    5.7MB

  • Sample

    230129-v55d5aha8t

  • MD5

    f047eefd6c8d86842e9bc69e66b59889

  • SHA1

    3ccec34545e50611de0d7dcc0a12a0caed02f282

  • SHA256

    e265876e7f41deaad3ee465d837b94ea7d3e214fa9e2bcfd7bbfe0431c0d5336

  • SHA512

    e13b01c3282e7aebf731098365bb6d9a7062ad68db039753684f7fdf2b2f6005afec72f912d02bf791c14256ff436fce504f7eb41db26e79fa0e52123c1c6367

  • SSDEEP

    98304:BiGHUsHH4/oSgSYrihBSGiIM9zo5kSg7cZho5H29rvYyVhSj5FefL40SJ:BZ3nawSY2hBSGiH9zo67AhTDYyX40SJ

Score
10/10
pandastealerspywarestealervmprotect

Malware Config

Extracted

Family

pandastealer

Version

1.11

C2

http://aaaagay.tbg123123.beget.tech

Targets

    • Target

      e265876e7f41deaad3ee465d837b94ea7d3e214fa9e2bcfd7bbfe0431c0d5336

    • Size

      5.7MB

    • MD5

      f047eefd6c8d86842e9bc69e66b59889

    • SHA1

      3ccec34545e50611de0d7dcc0a12a0caed02f282

    • SHA256

      e265876e7f41deaad3ee465d837b94ea7d3e214fa9e2bcfd7bbfe0431c0d5336

    • SHA512

      e13b01c3282e7aebf731098365bb6d9a7062ad68db039753684f7fdf2b2f6005afec72f912d02bf791c14256ff436fce504f7eb41db26e79fa0e52123c1c6367

    • SSDEEP

      98304:BiGHUsHH4/oSgSYrihBSGiIM9zo5kSg7cZho5H29rvYyVhSj5FefL40SJ:BZ3nawSY2hBSGiH9zo67AhTDYyX40SJ

    Score
    10/10
    pandastealerspywarestealervmprotect

    • Panda Stealer payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

      stealerpandastealer

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks