General

  • Target

    edad239f7872ba1c6aa40e9f20894129

  • Size

    1.7MB

  • Sample

    231220-vccteagaeq

  • MD5

    edad239f7872ba1c6aa40e9f20894129

  • SHA1

    9edb6487a5bbb07aa337afd2c2764913813c9814

  • SHA256

    05c43a95ca5fc29b575a8417237b5868abc223c60ade4cd2487aef16814b48f1

  • SHA512

    6ebc98f76003897d359756194766ed5b7a4a3ad2bc02e07826449302495fd8a8b365fe59fcf68d5202dd42d828c3c077f988f9a1a2b4eb501ba6a4381f431490

  • SSDEEP

    24576:/mv94J5AWlk5JiFJlYGCrvLAOP6/CFa/gTQ/3zzqIrSJuic6jg/nYNB+FnOgtiNS:yW3AU+SKrvLAOPZaDGtJVkYnGOgEjhu

Malware Config

Extracted

Family

pandastealer

Version

1.11

C2

http://a0588174.xsph.ru

Targets

    • Target

      edad239f7872ba1c6aa40e9f20894129

    • Size

      1.7MB

    • MD5

      edad239f7872ba1c6aa40e9f20894129

    • SHA1

      9edb6487a5bbb07aa337afd2c2764913813c9814

    • SHA256

      05c43a95ca5fc29b575a8417237b5868abc223c60ade4cd2487aef16814b48f1

    • SHA512

      6ebc98f76003897d359756194766ed5b7a4a3ad2bc02e07826449302495fd8a8b365fe59fcf68d5202dd42d828c3c077f988f9a1a2b4eb501ba6a4381f431490

    • SSDEEP

      24576:/mv94J5AWlk5JiFJlYGCrvLAOP6/CFa/gTQ/3zzqIrSJuic6jg/nYNB+FnOgtiNS:yW3AU+SKrvLAOPZaDGtJVkYnGOgEjhu

    • Panda Stealer payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix ATT&CK v13

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Collection

Data from Local System

1
T1005

Tasks