Overview

overview

10

Static

static

7

AHK УСТ...Ь.exe

windows10-1703-x64

10

AHK УСТ...Ь.exe

windows10-2004-x64

10

AutoArmy 2.8.exe

windows10-1703-x64

1

AutoArmy 2.8.exe

windows10-2004-x64

1

Инстр...я.txt

windows10-1703-x64

1

Инстр...я.txt

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AutoArmy 2.8.rar

  • Size

    5.8MB

  • Sample

    231031-p3sdwsab24

  • MD5

    2d721e3133de4637e73bb524a6bc6c0a

  • SHA1

    2320d357dd445f59efd4eb6597a5b28d1d69b620

  • SHA256

    cb3e7f7c9e7faa33fadf99503260853250bd360d563c78bb64e352b8e6919022

  • SHA512

    1eeb978af9aa608d06bdafaf17aa977f00257bb689d8f99d8c800397506201c7739e5ba562cdf7d0abc49a83e4bbbb7f98e842d5a7b19835b502554fbbff68cb

  • SSDEEP

    98304:U0JNNau5Uq7284Rw3du2GTQNUcyjfNyvvXoZ2EGdyx0JANrt8GIXRFwbZyag0jyA:U0o+J2E/GTWTvvJDy+JANRIUbpdmuVF3

Score
10/10
pandastealerspywarestealervmprotect

Malware Config

Extracted

Family

pandastealer

Version

1.11

C2

http://libscripthubs.mcdir.me

Targets

    • Target

      AHK УСТАНОВИТЬ.exe

    • Size

      5.7MB

    • MD5

      44968ce1b7dcb66e85573e43bc809431

    • SHA1

      7aec81e4d366087eedc4564cb88cedb6062f5c3b

    • SHA256

      c78d5b1b5badb9608c666ff5c592329ebe59ae221266fed77a3dcd188900019f

    • SHA512

      92c20d7e645b513f865a68bd0e3c1948053183fbd40e59ac273784b498af1d3a4c81d3a24af2dc957df93e523fa9da1c0889968805de1eaa9e295e08b8945bc1

    • SSDEEP

      98304:9VFdwkzNzkjRNx7z43Kp44F6sFLT0RLTByc2vtlHXa7UJ73jlbMXS3I:b3wkC5U5AMBgcmKarjl4S3

    Score
    10/10
    pandastealerspywarestealervmprotect

    • Panda Stealer payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

      stealerpandastealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      AutoArmy 2.8.exe

    • Size

      345KB

    • MD5

      e5c1b7acd55a073be3bea6b3bc8b7a7a

    • SHA1

      ec25473feed90abbfe3fac78a5d94dfd9d4be7ff

    • SHA256

      ca79e5c6de7eb76435f2fd41aaf2aa902f51b76d277cbf202261ecf087a9ab43

    • SHA512

      149af4ce5498b7602a5acf9a513e71046ca5091bec8481ea06dc1cbada842bf582cce78ff12b9f3a5dfb4bdcaf33da1aa95055cfec49fa6014d587f3609aae72

    • SSDEEP

      6144:4ArZ0lwnYdxaFAT2mQRc/CHThXTBfp1fTj3VCKKIOy7z:VohdxWA6mEZzhXTBfp1fTj4Yz

    Score
    1/10
    behavioral3behavioral4

    • Target

      Инструкция.txt

    • Size

      111B

    • MD5

      0039ae1e08b2047c3b9cd056575944bc

    • SHA1

      b897690752a27b97842cd6b80d6b310953be0136

    • SHA256

      233386b43a7df4e9d76dcb474c31af92171274111b2a3302f90807a46f96cefc

    • SHA512

      0e2a6d3ce53035fa265e3ca8244fbd47a5f8eefe14465bdef3f1c8b892f8d07fc8f62b5ee373d4457758f16f5bfa19ef6cb245bfb08126c8bfa39de33569c20d

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks