pandastealer | 8d8a582206a03b35fcca11de649ddb1a150d4791c43c793c6c3c599c8fcc3848 | Triage

Submit
Reports

Overview

overview

Static

static

3

VN[A433691...xt.lnk

windows10-2004-x64

VN[A433691...ll.exe

windows10-2004-x64

Sharing

General

Target

VN[A43369197BA4B9840A742079ADE515B8] [2022-12-15T03_11_33.4145147] lang-English (United States).rar
Size

2.1MB
Sample

230630-zzq2rseg22
MD5

e41b0485ccf72b4938e62fa922cee269
SHA1

58d835e492fcb1b67600d8e5703a63ecfa9ce732
SHA256

8d8a582206a03b35fcca11de649ddb1a150d4791c43c793c6c3c599c8fcc3848
SHA512

10770b5eeecc89ec1d6186da9b63819a52c22c0a87c468e1cbb2359a58b10d0bd69d4acec57a1b218af479f0071cdb3603b04833728664682e5bef4aedf07847
SSDEEP

49152:FrBUd9btIB648Ognvtnz/VWABvMuH5si4+Rg0PT1uoyE:FdK9bb48OgnRxzMuO+Rg0bgE

Score

10^/10

pandastealer stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

VN[A43369197BA4B9840A742079ADE515B8] [2022-12-15T03_11_33.4145147] lang-English (United States)/Passwords.txt.lnk

Resource

win10v2004-20230621-en

pandastealer stealer

windows10-2004-x64

9 signatures

30 seconds

Behavioral task

behavioral2

Sample

VN[A43369197BA4B9840A742079ADE515B8] [2022-12-15T03_11_33.4145147] lang-English (United States)/Wall.exe

Resource

win10v2004-20230621-en

pandastealer stealer

windows10-2004-x64

8 signatures

30 seconds

Malware Config

Targets

- Target
  
  VN[A43369197BA4B9840A742079ADE515B8] [2022-12-15T03_11_33.4145147] lang-English (United States)/Passwords.txt.lnk
- Size
  
  1KB
- MD5
  
  01a52f0468558df808b8459bf0ab80a8
- SHA1
  
  61d544fd99b9bd753abe9bda5db5b917f2cfe8ad
- SHA256
  
  7f04ca01713ecbbc5c0610d63ca0b500e01641b75b1def3291c0975db5aabeea
- SHA512
  
  0832dc0916aa567e4daf289985621e3246cc761f8e6ff435c590b417b8ad3d4975e27b7fa763b32dc5994c7c8fc909a1833525d4850d0d5e150d3a217d19b280
Score

10^/10

pandastealer stealer
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  VN[A43369197BA4B9840A742079ADE515B8] [2022-12-15T03_11_33.4145147] lang-English (United States)/Wallets/Google_[Chrome]_Default_Metamask/000341.ldb
- Size
  
  1.9MB
- MD5
  
  d529e0869cea70bf8d3bdec1f16048d9
- SHA1
  
  10f0cb47a0494a02c6c6e81a68486918a12cecdd
- SHA256
  
  a160899b9e4c43ca91293e96180e3ed9ad7dc554cd3ca1a6f231ca478d7adfae
- SHA512
  
  43e135ea62b8815abd1e11d6447149f5b44b2a7dd780ddac62c5abe510aa14631c87a08257d1bdcb141bd236495ffc3a2781d74a86e7576c0389a62dd23fc5b5
- SSDEEP
  
  49152:ABRevIzpuUaDNJJE+dwRivJdxCxvAgoylf+H35jOa:apz4pDN8+KRUJgy+f+XD
Score

10^/10

pandastealer stealer
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

pandastealerstealer

behavioral2

pandastealerstealer

© 2018-2024

Terms | Privacy