pandastealer | 433acf938a74ef9ab5f556679a00963e2d67dc4921281192f6a4d9de485270ae | Triage

Submit
Reports

Overview

overview

Static

static

0x00050000...at.exe

windows7-x64

0x00050000...at.exe

windows10-2004-x64

Sharing

General

Target

0x000500000000073b-142.dat.bin
Size

829KB
Sample

230430-2n46csfd24
MD5

d7ecaa18abc939e94eb7b751e14c2b2d
SHA1

40b6d5eff1347182fcc22ff9a8982282432786bd
SHA256

433acf938a74ef9ab5f556679a00963e2d67dc4921281192f6a4d9de485270ae
SHA512

15c1cf8195f5d715af1958754fd06693472a649657484bf68198d41dc4931ef48c1c6d092d3bf2dbca68541933b5151fc9b13970d3930b7d2d868d0aaf046f2e
SSDEEP

24576:woJEKZ6IEGTMxapRl2PSwHTehy6BP+pXSh0vpB:wouKZ6iMqRl2PSwzehy6cpXSh0vpB

Score

10^/10

pandastealer spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

0x000500000000073b-142.dat.exe

Resource

win7-20230220-en

pandastealer spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

0x000500000000073b-142.dat.exe

Resource

win10v2004-20230220-en

pandastealer spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

pandastealer

Version

1.11

C2

http://thisisgenk.temp.swtest.ru

Extracted

Family

pandastealer

Version

��H

C2

http://�H

Targets

- Target
  
  0x000500000000073b-142.dat.bin
- Size
  
  829KB
- MD5
  
  d7ecaa18abc939e94eb7b751e14c2b2d
- SHA1
  
  40b6d5eff1347182fcc22ff9a8982282432786bd
- SHA256
  
  433acf938a74ef9ab5f556679a00963e2d67dc4921281192f6a4d9de485270ae
- SHA512
  
  15c1cf8195f5d715af1958754fd06693472a649657484bf68198d41dc4931ef48c1c6d092d3bf2dbca68541933b5151fc9b13970d3930b7d2d868d0aaf046f2e
- SSDEEP
  
  24576:woJEKZ6IEGTMxapRl2PSwHTehy6BP+pXSh0vpB:wouKZ6iMqRl2PSwzehy6cpXSh0vpB
Score

10^/10

pandastealer spyware stealer
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

pandastealerspywarestealer

behavioral2

pandastealerspywarestealer

© 2018-2024

Terms | Privacy