Extracted

• • Target

    73bdcc9555fc1bad7922968d96da189a

  • Size

    5.8MB

  • MD5

    73bdcc9555fc1bad7922968d96da189a

  • SHA1

    b442030efe8dae7c3930078d36e894f64ac1dce8

  • SHA256

    0e43398f20329effd2c9166408830520f7a65bb97fe731e7adf9cbc23321550b

  • SHA512

    2afe42feafc4b8c5b9280f8928201704f9532b8a3730da449a8d9522100a308a8608fd87da741e48f748a4c802de7793f8e0567e94276bd9eeb088dfdc6fd5d4

  • SSDEEP

    98304:JsRH1pBhhBQSmT60Gn2lxmhVXpbB8NWjEecyE4+thl/cgJprckjjlfcXVK:uNhaSmT60GnTh15B8G5cW+fZcwjn

  Score

  10^/10

  pandastealerspywarestealervmprotect

  • Panda Stealer payload

  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

    stealerpandastealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • VMProtect packed file

    Detects executables packed with VMProtect commercial packer.

    vmprotect

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2