pandastealer

General

Target

d24a0135c8a88a44bbbd7dfa3e1ab352
Size

5.7MB
Sample

231220-shpdaaecc7
MD5

d24a0135c8a88a44bbbd7dfa3e1ab352
SHA1

0dda1c47ec3eb2f6b1c44cfa3a098f46221d4a59
SHA256

56db8b3fc993b1f1636c39c7cc3d2a5b207fccea627da1ebe36d7bbf1deca855
SHA512

0703114175ea9b368fda6a8e88b13492360374e9819e325278f4595c9c1f31994fed3c293bff752ed0c23851df7a48fe2ee11c729ab44f7169a73f0e08d88c59
SSDEEP

98304:mfmUu/4YTZKNsLgv+eOcfsZTWgfwzqJTRvOSHm4CfFecy4KttqCTf:x/4YTZKNs8f9HO+qJT9zHHKPytD

Score

10^/10

Malware Config

Extracted

Family

pandastealer

Version

1.11

C2

http://f0585194.xsph.ru

Targets

- Target
  
  d24a0135c8a88a44bbbd7dfa3e1ab352
- Size
  
  5.7MB
- MD5
  
  d24a0135c8a88a44bbbd7dfa3e1ab352
- SHA1
  
  0dda1c47ec3eb2f6b1c44cfa3a098f46221d4a59
- SHA256
  
  56db8b3fc993b1f1636c39c7cc3d2a5b207fccea627da1ebe36d7bbf1deca855
- SHA512
  
  0703114175ea9b368fda6a8e88b13492360374e9819e325278f4595c9c1f31994fed3c293bff752ed0c23851df7a48fe2ee11c729ab44f7169a73f0e08d88c59
- SSDEEP
  
  98304:mfmUu/4YTZKNsLgv+eOcfsZTWgfwzqJTRvOSHm4CfFecy4KttqCTf:x/4YTZKNs8f9HO+qJT9zHHKPytD
Score

10^/10

pandastealer spyware stealer vmprotect
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Panda Stealer payload

Reads user/profile data of web browsers

VMProtect packed file

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2