General
- Target: Panda.rar
- Size: 1.6MB
- Sample: 230903-n3pgkaaa49
- MD5: 4437ac3835d44b9910b94d2da116b336
- SHA1: 7aa8fc727102b48d2089aca086340248fd3adc5a
- SHA256: 31d3809aa0b8e36970d1949551f9a4cdea927cca137ca5a752650209382431d8
- SHA512: 4f7e0865bcc7285ef2ae8413a9341c1f40831263e223478238770e82913566c764ca7b1a40ba25e905a5cb4554b3b9cebdda0987708bd3421ed4f3afea2eb85e
- SSDEEP: 24576:9cJreOpXow7eD5dwIG6GzULcFGgG4Zsg2gz33DXXnSecEGjoI+LUl5hJsF8fQR:6XpXowSDvwIcWcF1GKj36EGYWJsFkg
Behavioral tasks
- behavioral1: Sample Panda Regedit/Guna.UI2.dll, Resource win7-20230831-en
- behavioral2: Sample Panda Regedit/Guna.UI2.dll, Resource win10v2004-20230831-en
- behavioral3: Sample Panda Regedit/Panda_Panel.exe, Resource win7-20230831-en
- behavioral4: Sample Panda Regedit/Panda_Panel.exe, Resource win10v2004-20230831-en
- behavioral5: Sample Panda Regedit/Panda_System.exe, Resource win7-20230831-en
- behavioral6: Sample Panda Regedit/Panda_System.exe, Resource win10v2004-20230831-en
Malware Config
- Extracted (mercurialgrabber): https://discord.com/api/webhooks/960950114506137713/2VnEvTnRUjX3Q7jSvAeHvgUeWoeWrHD-r2E7c3d8XPPxFaj_tSm0MlikzmnIxO4nnsn0
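The extracted config is a Discord webhook, the channel Mercurial Grabber uses to ship stolen data. The script below is an added example of how an analyst pulls such webhooks out of a sample's embedded strings; it is not part of this report, of the sandbox's extractors, or of the Mercurial Grabber project. It assumes the webhook is embedded as a literal string and that the binaries are .NET (an assumption consistent with Guna.UI2.dll, a .NET WinForms UI library, shipping alongside them), so the literal sits in the #US heap as UTF-16LE; both ASCII and UTF-16LE views are therefore scanned. The webhook ID is a Discord snowflake, so its creation time can be recovered for the timeline. The sample bytes are constructed with a fake ID and token; the report's real webhook is not used.

```python
"""Pull Discord webhook URLs out of a sample's embedded strings.

Added example; not code from this report, the sandbox, or Mercurial Grabber.
Assumptions: the webhook is embedded as a literal string, and the binaries are
.NET (they ship with Guna.UI2.dll, a .NET WinForms library), so literals sit in
the #US heap as UTF-16LE. Both ASCII and UTF-16LE views are scanned.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Webhook URL shape: numeric snowflake id, then a url-safe token (~68 chars).
WEBHOOK_RE = re.compile(
    r"https://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/"
    r"(\d{17,20})/([A-Za-z0-9_-]{60,80})"
)
DISCORD_EPOCH_MS = 1420070400000  # 2015-01-01T00:00:00Z, the Discord snowflake epoch


@dataclass(frozen=True)
class Webhook:
    url: str
    webhook_id: int
    token: str
    encoding: str  # which decoding surfaced it: "ascii" or "utf-16le"


def snowflake_time(snowflake: int) -> datetime:
    """Creation time encoded in a Discord snowflake (top 42 bits = ms since epoch)."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def _decodings(data: bytes):
    # ASCII view: latin-1 never fails and maps bytes 1:1 onto code points.
    yield "ascii", data.decode("latin-1")
    # UTF-16LE view at both alignments; the literal need not start on an even offset.
    for offset in (0, 1):
        chunk = data[offset:]
        if len(chunk) % 2:
            chunk = chunk[:-1]
        yield "utf-16le", chunk.decode("utf-16-le", errors="replace")


def extract_webhooks(data: bytes) -> list[Webhook]:
    """Return the unique webhooks found in `data`, sorted by URL."""
    found: dict[str, Webhook] = {}
    for encoding, text in _decodings(data):
        for m in WEBHOOK_RE.finditer(text):
            url, wid, token = m.group(0), int(m.group(1)), m.group(2)
            found.setdefault(url, Webhook(url, wid, token, encoding))
    return sorted(found.values(), key=lambda w: w.url)


# Constructed sample, not the report's webhook: a fake id and a 68-char fake token
# embedded as UTF-16LE at an odd offset, plus an ASCII decoy that must not match.
DEMO_TOKEN = "ConstructedTokenForDemo_" + "0123456789" * 4 + "abcd"
DEMO_URL = "https://discord.com/api/webhooks/123456789012345678/" + DEMO_TOKEN
SAMPLE_BLOB = (
    b"MZ\x90\x00\x13"                      # 5-byte prefix -> literal starts at an odd offset
    + DEMO_URL.encode("utf-16-le")
    + b"\x00\x00"
    + b"https://discord.com/api/webhooks/not-an-id/short"  # decoy: fails id/token checks
)

if __name__ == "__main__":
    for hook in extract_webhooks(SAMPLE_BLOB):
        created = snowflake_time(hook.webhook_id)
        print(f"{hook.encoding:8} id={hook.webhook_id} created={created:%Y-%m-%d} {hook.url}")
```

Run it against the unpacked binaries (or a memory dump of the running process, which also catches webhooks that are only decrypted at runtime) rather than the archive itself. The snowflake timestamp is the webhook's creation time, not the sample's build time, but it bounds how long the operator has been using that channel.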
Targets

Target: Panda Regedit/Guna.UI2.dll
- Size: 3.7MB
- MD5: de97f5f8b11269f60e9b0a0d66266a4c
- SHA1: ac01b2bf4238810c5db34b436f77de4c9182b1d7
- SHA256: 7c6196edac2b156e5da4556f391d3486250960dab1d1ca093cd6cfdde59a3a84
- SHA512: 9f196e961b8d4a1e4b3f2bf1ae4f2145978503f54460c28e95fd49b1998964f6d1c8fe8da3a6a48183d00c5645fbc28ba9d1dd1e875f008739085fb6e466ff87
- SSDEEP: 24576:X8Svg5GTdeww/MRvUtyfaFVIefE4A4HXvcrZLMpsWM4RjmcPhL+HQ/jz:LTq/MGuKIh+XMCa7c
- Score: 1/10

Target: Panda Regedit/Panda_Panel.exe
- Size: 889KB
- MD5: 89a318e3f4ab22a7d59e788628fc4f8c
- SHA1: 05fd6065f8ff1f356c352ce836bcd25f861a85bf
- SHA256: 97815efda6c181706b97f3a030a3c0bbc481a5ebb7062ae84b1d2f38c6dd8d41
- SHA512: 3d0172cedf9b0ef9f859f9eb8426144350adc32258504227749e2a3c6a07ec151123f19f3180edfb5ea4ddfe90c59ffd7297403995da7ba82a0ee29531a81baa
- SSDEEP: 24576:hFfISEtqavW9da+xzd6IMYLpWvKFFfFfI:D1javWD7nZp/FFV
- Score: 10/10
- Mercurial Grabber Stealer: Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients, as well as generic system information.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandbox environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP address.
- Maps connected drives based on registry: Disk information is often read in order to detect sandbox environments.

Target: Panda Regedit/Panda_System.exe
- Size: 52KB
- MD5: c8d127e6c857f185024aca7723f51b75
- SHA1: d2f5f3393958b6d500619ff4a0e2dd9bfe582ff5
- SHA256: 03e57f5f5c6b391006c256fe071ce7154048726e7ac3c692418bb8f14fe94317
- SHA512: 9b0c187f8bcf8168a18779bf509aa53b63f70e3151fc1f96eb1093dfd42b07ecb87d95c439af407d14ad0a2c546c317dde69997439d0465ddcb66c9402242d6b
- SSDEEP: 768:XscGoApPJOJTwfDuZwe2WTjxAKZKfgm3EhW7liUpuhXQOOhl:8c8PQALe2WTSF7EI7YooQOOh
- Score: 10/10
- Mercurial Grabber Stealer: Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients, as well as generic system information.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandbox environments.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP address.
- Maps connected drives based on registry: Disk information is often read in order to detect sandbox environments.
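The signature lists for Panda_Panel.exe and Panda_System.exe above name the anti-analysis checks but not the registry keys or hosts the samples actually touched. The script below is an added example, not the sandbox's own rule set, of how those signatures are typically matched against a process trace: each signature name from the report is paired with a pattern over one trace line. The registry paths (the VirtualBox Guest Additions and VMware Tools keys under HKLM\SOFTWARE, HKLM\HARDWARE\DESCRIPTION\System\BIOS, HKCU\Control Panel\International\Geo, and the Disk\Enum key) and the IP lookup hosts are the conventional ones for each check and are assumptions about this sample; the trace lines are constructed in the shape "<kind> <pid> <api> <target>", including one benign autorun read that must not fire anything.

```python
"""Map sandbox registry/network events onto the signatures in this report.

Added example; not the sandbox's rule set. The report names the signatures
but not the keys or hosts the sample touched, so the paths below are the
conventional ones for each check and are assumptions. The trace is
constructed in the shape "<kind> <pid> <api> <target>".
"""
from __future__ import annotations

import re
from collections import defaultdict

# (signature name exactly as printed in the report, regex over one trace line)
SIGNATURES = [
    ("Looks for VirtualBox Guest Additions in registry",
     r"^reg\b.*\\Oracle\\VirtualBox Guest Additions"),
    ("Looks for VMware Tools registry key",
     r"^reg\b.*\\VMware, Inc\.\\VMware Tools"),
    ("Checks BIOS information in registry",
     r"^reg\b.*\\HARDWARE\\DESCRIPTION\\System\\BIOS"),
    ("Checks computer location settings",
     r"^reg\b.*\\Control Panel\\International\\Geo"),
    ("Maps connected drives based on registry",
     r"^reg\b.*\\Services\\Disk\\Enum"),
    ("Looks up external IP address via web service",
     r"^net\b.*\b(?:api\.ipify\.org|ip-api\.com|ipinfo\.io|checkip\.amazonaws\.com)\b"),
    ("Legitimate hosting services abused for malware hosting/C2",
     r"^net\b.*\bdiscord(?:app)?\.com/api/webhooks/"),
]
_COMPILED = [(name, re.compile(pat, re.IGNORECASE)) for name, pat in SIGNATURES]

# Signatures whose purpose is reading hypervisor/hardware artefacts.
VM_EVASION = {
    "Looks for VirtualBox Guest Additions in registry",
    "Looks for VMware Tools registry key",
    "Checks BIOS information in registry",
    "Maps connected drives based on registry",
}


def match_events(events: list[str]) -> dict[str, list[str]]:
    """Return {signature name: [matching trace lines]} in the report's order."""
    hits: dict[str, list[str]] = defaultdict(list)
    for line in events:
        for name, rx in _COMPILED:
            if rx.search(line):
                hits[name].append(line)
    return {name: hits[name] for name, _ in SIGNATURES if name in hits}


def vm_evasion_hits(hits: dict[str, list[str]]) -> list[str]:
    """Subset of fired signatures that indicate sandbox/VM detection."""
    return [name for name in hits if name in VM_EVASION]


# Constructed trace: what an API monitor would log for one process (pid 1337).
TRACE = [
    "reg 1337 RegOpenKeyExW HKLM\\SOFTWARE\\Oracle\\VirtualBox Guest Additions -> NOT_FOUND",
    "reg 1337 RegOpenKeyExW HKLM\\SOFTWARE\\VMware, Inc.\\VMware Tools -> NOT_FOUND",
    "reg 1337 RegQueryValueExW HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer = 'Dell Inc.'",
    "reg 1337 RegQueryValueExW HKCU\\Control Panel\\International\\Geo\\Nation = '244'",
    "reg 1337 RegQueryValueExW HKLM\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum\\0 = 'SCSI\\Disk&Ven_NVMe&Prod_Samsung'",
    "reg 1337 RegOpenKeyExW HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run -> OK",  # benign
    "net 1337 GET https://api.ipify.org/?format=json",
    "net 1337 POST https://discord.com/api/webhooks/123456789012345678/ConstructedTokenForDemo",
]

if __name__ == "__main__":
    fired = match_events(TRACE)
    for name, lines in fired.items():
        print(f"[{'VM' if name in VM_EVASION else '  '}] {name}")
        for line in lines:
            print(f"       {line}")
```

The order of the registry reads matters for triage: a stealer that queries the hypervisor keys, BIOS strings and disk enumeration before anything else is deciding whether to run, so a sandbox that returns "NOT_FOUND" for the Guest Additions and VMware Tools keys and a vendor-looking BIOS string is more likely to see the later network activity that this report recorded.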