pandastealer | 05c43a95ca5fc29b575a8417237b5868abc223c60ade4cd2487aef16814b48f1 | Triage

Submit
Reports

Overview

overview

Static

static

3

edad239f78...29.exe

windows7-x64

edad239f78...29.exe

windows10-2004-x64

Sharing

General

Target

edad239f7872ba1c6aa40e9f20894129
Size

1.7MB
Sample

231220-vccteagaeq
MD5

edad239f7872ba1c6aa40e9f20894129
SHA1

9edb6487a5bbb07aa337afd2c2764913813c9814
SHA256

05c43a95ca5fc29b575a8417237b5868abc223c60ade4cd2487aef16814b48f1
SHA512

6ebc98f76003897d359756194766ed5b7a4a3ad2bc02e07826449302495fd8a8b365fe59fcf68d5202dd42d828c3c077f988f9a1a2b4eb501ba6a4381f431490
SSDEEP

24576:/mv94J5AWlk5JiFJlYGCrvLAOP6/CFa/gTQ/3zzqIrSJuic6jg/nYNB+FnOgtiNS:yW3AU+SKrvLAOPZaDGtJVkYnGOgEjhu

Score

10^/10

pandastealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

edad239f7872ba1c6aa40e9f20894129.exe

Resource

win7-20231215-en

pandastealer spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

edad239f7872ba1c6aa40e9f20894129.exe

Resource

win10v2004-20231215-en

pandastealer spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

pandastealer

Version

1.11

C2

http://a0588174.xsph.ru

Targets

- Target
  
  edad239f7872ba1c6aa40e9f20894129
- Size
  
  1.7MB
- MD5
  
  edad239f7872ba1c6aa40e9f20894129
- SHA1
  
  9edb6487a5bbb07aa337afd2c2764913813c9814
- SHA256
  
  05c43a95ca5fc29b575a8417237b5868abc223c60ade4cd2487aef16814b48f1
- SHA512
  
  6ebc98f76003897d359756194766ed5b7a4a3ad2bc02e07826449302495fd8a8b365fe59fcf68d5202dd42d828c3c077f988f9a1a2b4eb501ba6a4381f431490
- SSDEEP
  
  24576:/mv94J5AWlk5JiFJlYGCrvLAOP6/CFa/gTQ/3zzqIrSJuic6jg/nYNB+FnOgtiNS:yW3AU+SKrvLAOPZaDGtJVkYnGOgEjhu
Score

10^/10

pandastealer spyware stealer
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

pandastealerspywarestealer

behavioral2

pandastealerspywarestealer

© 2018-2024

Terms | Privacy