pandastealer | 5bfd7eae5ad25befd314c183473eeaca4e87e3e2aefda5e34649e202b81a6f48

Analysis

max time kernel
91s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26-04-2023 00:02

Target

file.exe
Size

673KB
MD5

6cfcbdf4670f3ae5abd5942a36dd5a95
SHA1

4dcf567d82a02957e2e2c3160c2f7e23ef2f1247
SHA256

5bfd7eae5ad25befd314c183473eeaca4e87e3e2aefda5e34649e202b81a6f48
SHA512

4d61f08109ade0bd2fb5c283d6a41183e5a49982c225c94bd821fdd82c234c1fbc8e7da7136e2fc39c6eb99f4a558fdb930074bf8642c51782de4c0c97921090
SSDEEP

12288:VoJqNIPtNmO6IOOEp0TMlja7NRl2PSVikIyoyueh+AkHcnLwuukoCOD6zlgjOz+i:VoJEKZ6IEGTMxapRl2PSwHTehy6BP+pQ

Score

10^/10

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

file.exe

pid process

1868 file.exe
1868 file.exe

pid	process
1868	file.exe
1868	file.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1868

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact