pandastealer | 8d8a582206a03b35fcca11de649ddb1a150d4791c43c793c6c3c599c8fcc3848 | Triage

Submit
Reports

Overview

overview

Static

static

3

VN[A433691...xt.lnk

windows10-2004-x64

VN[A433691...ll.exe

windows10-2004-x64

Sharing

General

Target

VN[A43369197BA4B9840A742079ADE515B8] [2022-12-15T03_11_33.4145147] lang-English (United States).rar
Size

2.1MB
Sample

230630-zzq2rseg22
MD5

e41b0485ccf72b4938e62fa922cee269
SHA1

58d835e492fcb1b67600d8e5703a63ecfa9ce732
SHA256

8d8a582206a03b35fcca11de649ddb1a150d4791c43c793c6c3c599c8fcc3848
SHA512

10770b5eeecc89ec1d6186da9b63819a52c22c0a87c468e1cbb2359a58b10d0bd69d4acec57a1b218af479f0071cdb3603b04833728664682e5bef4aedf07847
SSDEEP

49152:FrBUd9btIB648Ognvtnz/VWABvMuH5si4+Rg0PT1uoyE:FdK9bb48OgnRxzMuO+Rg0bgE

Score

10^/10

pandastealer stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

VN[A43369197BA4B9840A742079ADE515B8] [2022-12-15T03_11_33.4145147] lang-English (United States)/Passwords.txt.lnk

Resource

win10v2004-20230621-en

pandastealer stealer

windows10-2004-x64

9 signatures

30 seconds

Behavioral task

behavioral2

Sample

VN[A43369197BA4B9840A742079ADE515B8] [2022-12-15T03_11_33.4145147] lang-English (United States)/Wall.exe

Resource

win10v2004-20230621-en

pandastealer stealer

windows10-2004-x64

8 signatures

30 seconds

Malware Config

Targets

- Target
  
  VN[A43369197BA4B9840A742079ADE515B8] [2022-12-15T03_11_33.4145147] lang-English (United States)/Passwords.txt.lnk
- Size
  
  1KB
- MD5
  
  01a52f0468558df808b8459bf0ab80a8
- SHA1
  
  61d544fd99b9bd753abe9bda5db5b917f2cfe8ad
- SHA256
  
  7f04ca01713ecbbc5c0610d63ca0b500e01641b75b1def3291c0975db5aabeea
- SHA512
  
  0832dc0916aa567e4daf289985621e3246cc761f8e6ff435c590b417b8ad3d4975e27b7fa763b32dc5994c7c8fc909a1833525d4850d0d5e150d3a217d19b280
Score

10^/10

pandastealer stealer
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  VN[A43369197BA4B9840A742079ADE515B8] [2022-12-15T03_11_33.4145147] lang-English (United States)/Wallets/Google_[Chrome]_Default_Metamask/000341.ldb
- Size
  
  1.9MB
- MD5
  
  d529e0869cea70bf8d3bdec1f16048d9
- SHA1
  
  10f0cb47a0494a02c6c6e81a68486918a12cecdd
- SHA256
  
  a160899b9e4c43ca91293e96180e3ed9ad7dc554cd3ca1a6f231ca478d7adfae
- SHA512
  
  43e135ea62b8815abd1e11d6447149f5b44b2a7dd780ddac62c5abe510aa14631c87a08257d1bdcb141bd236495ffc3a2781d74a86e7576c0389a62dd23fc5b5
- SSDEEP
  
  49152:ABRevIzpuUaDNJJE+dwRivJdxCxvAgoylf+H35jOa:apz4pDN8+KRUJgy+f+XD
Score

10^/10

pandastealer stealer
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

pandastealerstealer

behavioral2

pandastealerstealer

© 2018-2024

Terms | Privacy