General

  • Target

    73bdcc9555fc1bad7922968d96da189a

  • Size

    5.8MB

  • Sample

    231222-gqjl8aaccm

  • MD5

    73bdcc9555fc1bad7922968d96da189a

  • SHA1

    b442030efe8dae7c3930078d36e894f64ac1dce8

  • SHA256

    0e43398f20329effd2c9166408830520f7a65bb97fe731e7adf9cbc23321550b

  • SHA512

    2afe42feafc4b8c5b9280f8928201704f9532b8a3730da449a8d9522100a308a8608fd87da741e48f748a4c802de7793f8e0567e94276bd9eeb088dfdc6fd5d4

  • SSDEEP

    98304:JsRH1pBhhBQSmT60Gn2lxmhVXpbB8NWjEecyE4+thl/cgJprckjjlfcXVK:uNhaSmT60GnTh15B8G5cW+fZcwjn

Malware Config

Extracted

Family

pandastealer

Version

1.11

C2

http://f0577083.xsph.ru

Targets

    • Target

      73bdcc9555fc1bad7922968d96da189a

    • Size

      5.8MB

    • MD5

      73bdcc9555fc1bad7922968d96da189a

    • SHA1

      b442030efe8dae7c3930078d36e894f64ac1dce8

    • SHA256

      0e43398f20329effd2c9166408830520f7a65bb97fe731e7adf9cbc23321550b

    • SHA512

      2afe42feafc4b8c5b9280f8928201704f9532b8a3730da449a8d9522100a308a8608fd87da741e48f748a4c802de7793f8e0567e94276bd9eeb088dfdc6fd5d4

    • SSDEEP

      98304:JsRH1pBhhBQSmT60Gn2lxmhVXpbB8NWjEecyE4+thl/cgJprckjjlfcXVK:uNhaSmT60GnTh15B8G5cW+fZcwjn

    • Panda Stealer payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks