pandastealer | bc5ccf5c2fd07b5e724993a96c922bad98357f011cf4333aef2099f0d6cb5088 | Triage

Sharing

General

Target

bc5ccf5c2fd07b5e724993a96c922bad98357f011cf4333aef2099f0d6cb5088
Size

3.7MB
Sample

230129-ws36zahh8x
MD5

3cb35ccc14e1bbfa6ff120d9bc2f8629
SHA1

58ba6d9316a4084d53623ebca6481f8a6beb71b2
SHA256

bc5ccf5c2fd07b5e724993a96c922bad98357f011cf4333aef2099f0d6cb5088
SHA512

c4feee8608e3e01dffb8415913151566e551d03c2876f4920a382cd735d4c81994603c8ee7c0d279072307ef7d4517fadf552ba1cf3868da1bf22eb42a60f54e
SSDEEP

98304:D1YOFli1j5PODJSbb6XEuOZ6a0IpEiNMENTUe7:pYOFli95P4JSfT/6yEiNKe7

Score

10^/10

pandastealer evasion spyware stealer

Malware Config

Targets

- Target
  
  bc5ccf5c2fd07b5e724993a96c922bad98357f011cf4333aef2099f0d6cb5088
- Size
  
  3.7MB
- MD5
  
  3cb35ccc14e1bbfa6ff120d9bc2f8629
- SHA1
  
  58ba6d9316a4084d53623ebca6481f8a6beb71b2
- SHA256
  
  bc5ccf5c2fd07b5e724993a96c922bad98357f011cf4333aef2099f0d6cb5088
- SHA512
  
  c4feee8608e3e01dffb8415913151566e551d03c2876f4920a382cd735d4c81994603c8ee7c0d279072307ef7d4517fadf552ba1cf3868da1bf22eb42a60f54e
- SSDEEP
  
  98304:D1YOFli1j5PODJSbb6XEuOZ6a0IpEiNMENTUe7:pYOFli95P4JSfT/6yEiNKe7
Score

10^/10

pandastealer evasion spyware stealer
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

pandastealerevasionspywarestealer

behavioral2

pandastealerevasionspywarestealer