Overview

overview

10

Static

static

7

AHK УСТ...Ь.exe

windows10-1703-x64

10

AHK УСТ...Ь.exe

windows10-2004-x64

10

AutoArmy 2.8.exe

windows10-1703-x64

1

AutoArmy 2.8.exe

windows10-2004-x64

1

Инстр...я.txt

windows10-1703-x64

1

Инстр...я.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    206s
  • max time network
    211s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-10-2023 12:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AHK УСТАНОВИТЬ.exe

  • Size

    5.7MB

  • MD5

    44968ce1b7dcb66e85573e43bc809431

  • SHA1

    7aec81e4d366087eedc4564cb88cedb6062f5c3b

  • SHA256

    c78d5b1b5badb9608c666ff5c592329ebe59ae221266fed77a3dcd188900019f

  • SHA512

    92c20d7e645b513f865a68bd0e3c1948053183fbd40e59ac273784b498af1d3a4c81d3a24af2dc957df93e523fa9da1c0889968805de1eaa9e295e08b8945bc1

  • SSDEEP

    98304:9VFdwkzNzkjRNx7z43Kp44F6sFLT0RLTByc2vtlHXa7UJ73jlbMXS3I:b3wkC5U5AMBgcmKarjl4S3

Score
10/10
pandastealerspywarestealervmprotect

Malware Config

Extracted

Family

pandastealer

Version

1.11

C2

http://libscripthubs.mcdir.me

Signatures

  • Panda Stealer payload 3 IoCs
  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

    stealerpandastealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AHK УСТАНОВИТЬ.exe
    "C:\Users\Admin\AppData\Local\Temp\AHK УСТАНОВИТЬ.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:4652

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4652-0-0x00000000009B0000-0x0000000001353000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4652-2-0x00000000013E0000-0x00000000013E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4652-3-0x00000000013F0000-0x00000000013F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4652-4-0x00000000009B0000-0x0000000001353000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4652-41-0x00000000009B0000-0x0000000001353000-memory.dmp

    Filesize

    9.6MB

    Download