pandastealer

General

Target

b68227ba05f3eb3248dc5a395236524b
Size

5.7MB
Sample

231222-rd7tdshch4
MD5

b68227ba05f3eb3248dc5a395236524b
SHA1

6f4e0383437930158a3b6b6b7f88a00bcc494069
SHA256

7eeddbc9be711b2e0a3b735746bc6746f5f833f43c684eb3164961bf745605f7
SHA512

224d5994ff41a7bddeaeb060d44f7589dcc4b56462ed695678008893f367cae6045eacdd26510b1c2097db6f211dcd68d2b36daf51c7dc987a215a146d54092d
SSDEEP

98304:UWfdpiC6N6prGn4ge1UPNaRL+IDM4XaIP6hU1t0/Rp2gGTDg6TD/J3JDagYC:9imcnHecNacH6aS1tOFGbTDJJDagY

Score

10^/10

Malware Config

Extracted

Family

pandastealer

Version

1.11

C2

http://f0523327.xsph.ru

Targets

- Target
  
  b68227ba05f3eb3248dc5a395236524b
- Size
  
  5.7MB
- MD5
  
  b68227ba05f3eb3248dc5a395236524b
- SHA1
  
  6f4e0383437930158a3b6b6b7f88a00bcc494069
- SHA256
  
  7eeddbc9be711b2e0a3b735746bc6746f5f833f43c684eb3164961bf745605f7
- SHA512
  
  224d5994ff41a7bddeaeb060d44f7589dcc4b56462ed695678008893f367cae6045eacdd26510b1c2097db6f211dcd68d2b36daf51c7dc987a215a146d54092d
- SSDEEP
  
  98304:UWfdpiC6N6prGn4ge1UPNaRL+IDM4XaIP6hU1t0/Rp2gGTDg6TD/J3JDagYC:9imcnHecNacH6aS1tOFGbTDJJDagY
Score

10^/10

pandastealer spyware stealer vmprotect
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Panda Stealer payload

Reads user/profile data of web browsers

VMProtect packed file

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2