General
-
Target
73bdcc9555fc1bad7922968d96da189a
-
Size
5.8MB
-
Sample
231222-gqjl8aaccm
-
MD5
73bdcc9555fc1bad7922968d96da189a
-
SHA1
b442030efe8dae7c3930078d36e894f64ac1dce8
-
SHA256
0e43398f20329effd2c9166408830520f7a65bb97fe731e7adf9cbc23321550b
-
SHA512
2afe42feafc4b8c5b9280f8928201704f9532b8a3730da449a8d9522100a308a8608fd87da741e48f748a4c802de7793f8e0567e94276bd9eeb088dfdc6fd5d4
-
SSDEEP
98304:JsRH1pBhhBQSmT60Gn2lxmhVXpbB8NWjEecyE4+thl/cgJprckjjlfcXVK:uNhaSmT60GnTh15B8G5cW+fZcwjn
Malware Config
Extracted
pandastealer
1.11
http://f0577083.xsph.ru
Targets
-
-
Target
73bdcc9555fc1bad7922968d96da189a
-
Size
5.8MB
-
MD5
73bdcc9555fc1bad7922968d96da189a
-
SHA1
b442030efe8dae7c3930078d36e894f64ac1dce8
-
SHA256
0e43398f20329effd2c9166408830520f7a65bb97fe731e7adf9cbc23321550b
-
SHA512
2afe42feafc4b8c5b9280f8928201704f9532b8a3730da449a8d9522100a308a8608fd87da741e48f748a4c802de7793f8e0567e94276bd9eeb088dfdc6fd5d4
-
SSDEEP
98304:JsRH1pBhhBQSmT60Gn2lxmhVXpbB8NWjEecyE4+thl/cgJprckjjlfcXVK:uNhaSmT60GnTh15B8G5cW+fZcwjn
Score10/10-
Panda Stealer payload
-
PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-