pandastealer | b45d683efd7ec95afd23317e2c0e9ca178b16c0d9f4f3c2363035dd10e24698a | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Resubmissions

19-02-2023 21:04

230219-zwxedaga7w 10

19-02-2023 18:51

230219-xhma5sfg4z 10

Sharing

General

Target

b45d683efd7ec95afd23317e2c0e9ca178b16c0d9f4f3c2363035dd10e24698a
Size

227KB
Sample

230219-xhma5sfg4z
MD5

8e9b5572a7470a015a4bd2b91fd78ab0
SHA1

4e4d5406696a6d00bcf54633aba6f2f68c80ad72
SHA256

b45d683efd7ec95afd23317e2c0e9ca178b16c0d9f4f3c2363035dd10e24698a
SHA512

c7dc66b40a791dd83c3beb44adb010ba7238bc9fc04eeb0c3e172c905a4ef04530dc1447a08d5046b8afb19c4e1ede6aea928edea8f7cfd54dec8ce9b50197af
SSDEEP

3072:sB/aYaPSLD1P/m0a0k0IiqCRfsB5xJ7zg6qeL+VqYsPAl/Mvcf1iBh2s:6LaPSLFm0lJqCRfgdgRjwnPpENiH2

Score

10^/10

pandastealer smokeloader backdoor stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

b45d683efd7ec95afd23317e2c0e9ca178b16c0d9f4f3c2363035dd10e24698a.exe

Resource

win10v2004-20220812-en

pandastealer smokeloader backdoor stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  b45d683efd7ec95afd23317e2c0e9ca178b16c0d9f4f3c2363035dd10e24698a
- Size
  
  227KB
- MD5
  
  8e9b5572a7470a015a4bd2b91fd78ab0
- SHA1
  
  4e4d5406696a6d00bcf54633aba6f2f68c80ad72
- SHA256
  
  b45d683efd7ec95afd23317e2c0e9ca178b16c0d9f4f3c2363035dd10e24698a
- SHA512
  
  c7dc66b40a791dd83c3beb44adb010ba7238bc9fc04eeb0c3e172c905a4ef04530dc1447a08d5046b8afb19c4e1ede6aea928edea8f7cfd54dec8ce9b50197af
- SSDEEP
  
  3072:sB/aYaPSLD1P/m0a0k0IiqCRfsB5xJ7zg6qeL+VqYsPAl/Mvcf1iBh2s:6LaPSLFm0lJqCRfgdgRjwnPpENiH2
Score

10^/10

pandastealer smokeloader backdoor stealer trojan
- Detects Smokeloader packer
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

pandastealersmokeloaderbackdoorstealertrojan

© 2018-2024

Terms | Privacy