pandastealer | 7eeddbc9be711b2e0a3b735746bc6746f5f833f43c684eb3164961bf745605f7 | Triage

Submit
Reports

Overview

overview

Static

static

7

b68227ba05...4b.exe

windows7-x64

b68227ba05...4b.exe

windows10-2004-x64

Sharing

General

Target

b68227ba05f3eb3248dc5a395236524b
Size

5.7MB
Sample

231222-rd7tdshch4
MD5

b68227ba05f3eb3248dc5a395236524b
SHA1

6f4e0383437930158a3b6b6b7f88a00bcc494069
SHA256

7eeddbc9be711b2e0a3b735746bc6746f5f833f43c684eb3164961bf745605f7
SHA512

224d5994ff41a7bddeaeb060d44f7589dcc4b56462ed695678008893f367cae6045eacdd26510b1c2097db6f211dcd68d2b36daf51c7dc987a215a146d54092d
SSDEEP

98304:UWfdpiC6N6prGn4ge1UPNaRL+IDM4XaIP6hU1t0/Rp2gGTDg6TD/J3JDagYC:9imcnHecNacH6aS1tOFGbTDJJDagY

Score

10^/10

pandastealer spyware stealer vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b68227ba05f3eb3248dc5a395236524b.exe

Resource

win7-20231215-en

pandastealer spyware stealer vmprotect

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

b68227ba05f3eb3248dc5a395236524b.exe

Resource

win10v2004-20231215-en

pandastealer spyware stealer vmprotect

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

pandastealer

Version

1.11

C2

http://f0523327.xsph.ru

Targets

- Target
  
  b68227ba05f3eb3248dc5a395236524b
- Size
  
  5.7MB
- MD5
  
  b68227ba05f3eb3248dc5a395236524b
- SHA1
  
  6f4e0383437930158a3b6b6b7f88a00bcc494069
- SHA256
  
  7eeddbc9be711b2e0a3b735746bc6746f5f833f43c684eb3164961bf745605f7
- SHA512
  
  224d5994ff41a7bddeaeb060d44f7589dcc4b56462ed695678008893f367cae6045eacdd26510b1c2097db6f211dcd68d2b36daf51c7dc987a215a146d54092d
- SSDEEP
  
  98304:UWfdpiC6N6prGn4ge1UPNaRL+IDM4XaIP6hU1t0/Rp2gGTDg6TD/J3JDagYC:9imcnHecNacH6aS1tOFGbTDJJDagY
Score

10^/10

pandastealer spyware stealer vmprotect
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

pandastealerspywarestealervmprotect

behavioral2

pandastealerspywarestealervmprotect

© 2018-2024

Terms | Privacy