pandastealer | 2949ae862f29a51027ade70cc02e483439f4c3aba6e42e6623daced3714d1b60 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

2949ae862f29a51027ade70cc02e483439f4c3aba6e42e6623daced3714d1b60
Size

229KB
Sample

230219-tnqnzafd41
MD5

73fa447cb47faf3e975479de5cc60cd8
SHA1

b2025bb55894a18d4bba9ecdad14f50109349f33
SHA256

2949ae862f29a51027ade70cc02e483439f4c3aba6e42e6623daced3714d1b60
SHA512

fcc346590d63cfb1afc39c2098d4fde29ece80a9f3dcf2d4c1c8dcdce84aac4714c1cbef25d14f27e418e3ae68c86c4b4858b23907b9006285f9045f2ef6fb50
SSDEEP

3072:+n92UWxHILc1PuADtH20n41epgs13BxzXzqlK2Ylzb8QDeFVvQPtB7fVS:5xHILdADPn4wph13BNOG7DeFMj7f

Score

10^/10

pandastealer smokeloader backdoor stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

2949ae862f29a51027ade70cc02e483439f4c3aba6e42e6623daced3714d1b60.exe

Resource

win10v2004-20221111-en

pandastealer smokeloader backdoor stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  2949ae862f29a51027ade70cc02e483439f4c3aba6e42e6623daced3714d1b60
- Size
  
  229KB
- MD5
  
  73fa447cb47faf3e975479de5cc60cd8
- SHA1
  
  b2025bb55894a18d4bba9ecdad14f50109349f33
- SHA256
  
  2949ae862f29a51027ade70cc02e483439f4c3aba6e42e6623daced3714d1b60
- SHA512
  
  fcc346590d63cfb1afc39c2098d4fde29ece80a9f3dcf2d4c1c8dcdce84aac4714c1cbef25d14f27e418e3ae68c86c4b4858b23907b9006285f9045f2ef6fb50
- SSDEEP
  
  3072:+n92UWxHILc1PuADtH20n41epgs13BxzXzqlK2Ylzb8QDeFVvQPtB7fVS:5xHILdADPn4wph13BNOG7DeFMj7f
Score

10^/10

pandastealer smokeloader backdoor stealer trojan
- Detects Smokeloader packer
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

pandastealersmokeloaderbackdoorstealertrojan

© 2018-2024

Terms | Privacy