Analysis
max time kernel: 118s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 22-12-2023 14:05
Behavioral task behavioral1: sample b68227ba05f3eb3248dc5a395236524b.exe, resource win7-20231215-en
Behavioral task behavioral2: sample b68227ba05f3eb3248dc5a395236524b.exe, resource win10v2004-20231215-en
General
Target: b68227ba05f3eb3248dc5a395236524b.exe
Size: 5.7MB
MD5: b68227ba05f3eb3248dc5a395236524b
SHA1: 6f4e0383437930158a3b6b6b7f88a00bcc494069
SHA256: 7eeddbc9be711b2e0a3b735746bc6746f5f833f43c684eb3164961bf745605f7
SHA512: 224d5994ff41a7bddeaeb060d44f7589dcc4b56462ed695678008893f367cae6045eacdd26510b1c2097db6f211dcd68d2b36daf51c7dc987a215a146d54092d
SSDEEP: 98304:UWfdpiC6N6prGn4ge1UPNaRL+IDM4XaIP6hU1t0/Rp2gGTDg6TD/J3JDagYC:9imcnHecNacH6aS1tOFGbTDJJDagY
Malware Config
Extracted
Family: pandastealer
Version: 1.11
C2: http://f0523327.xsph.ru
Signatures
Panda Stealer payload (3 IoCs)
Processes (resource / yara_rule):
behavioral1/memory/2028-0-0x0000000000090000-0x0000000000A32000-memory.dmp family_pandastealer
behavioral1/memory/2028-12-0x0000000000090000-0x0000000000A32000-memory.dmp family_pandastealer
behavioral1/memory/2028-36-0x0000000000090000-0x0000000000A32000-memory.dmp family_pandastealer
PandaStealer: Panda Stealer is a fork of CollectorProject Stealer written in C++.
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.
Yara rule vmprotect matched (3 IoCs)
Processes (resource / yara_rule):
behavioral1/memory/2028-0-0x0000000000090000-0x0000000000A32000-memory.dmp vmprotect
behavioral1/memory/2028-12-0x0000000000090000-0x0000000000A32000-memory.dmp vmprotect
behavioral1/memory/2028-36-0x0000000000090000-0x0000000000A32000-memory.dmp vmprotect
These matches sit in the same 0x90000-0xA32000 region of pid 2028 that carries the family_pandastealer match, so the stealer's in-memory image shows VMProtect markers. Expect static analysis of the 5.7MB file on disk to be hampered by the protector; the memory dumps listed under Downloads are the better starting point.
Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC)
Processes (pid / process):
2028 b68227ba05f3eb3248dc5a395236524b.exe
Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) detaches the calling thread from an attached debugger, which then stops receiving debug events and exceptions for that thread. It is a standard anti-debugging step; when debugging the dump, the flag can be read back per thread with NtQueryInformationThread(ThreadHideFromDebugger).
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes (pid / process):
2028 b68227ba05f3eb3248dc5a395236524b.exe
2028 b68227ba05f3eb3248dc5a395236524b.exe
Both IoCs come from the same process; the report does not show what was enumerated.
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
Memory dumps (name / filesize):
memory/2028-0-0x0000000000090000-0x0000000000A32000-memory.dmp 9.6MB
memory/2028-1-0x0000000000080000-0x0000000000081000-memory.dmp 4KB
memory/2028-3-0x0000000000080000-0x0000000000081000-memory.dmp 4KB
memory/2028-5-0x0000000000080000-0x0000000000081000-memory.dmp 4KB
memory/2028-7-0x0000000000AB0000-0x0000000000AB1000-memory.dmp 4KB
memory/2028-6-0x0000000077960000-0x0000000077961000-memory.dmp 4KB
memory/2028-9-0x0000000000AB0000-0x0000000000AB1000-memory.dmp 4KB
memory/2028-11-0x0000000000AB0000-0x0000000000AB1000-memory.dmp 4KB
memory/2028-12-0x0000000000090000-0x0000000000A32000-memory.dmp 9.6MB
memory/2028-36-0x0000000000090000-0x0000000000A32000-memory.dmp 9.6MB
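The yara matches under Signatures and the dump list under Downloads use the same dump-name convention, <task>/memory/<pid>-<seq>-<start>-<end>-memory.dmp. The following Python parser is an added example, not part of the sandbox report or of any sandbox vendor's tooling; the entries it works on are copied from this report as constructed input, and the name layout and size formatting (binary units, one decimal for MB) are inferred from those entries rather than from documented output. It shows that the six rule hits collapse to one 9.6MB region of pid 2028 sampled at three points (dumps 0, 12 and 36), so a triage script should emit one region IoC rather than six, and it cross-checks each listed Filesize against the address range so that entries whose range and size disagree are flagged.

```python
import re
from collections import defaultdict

# Constructed copies of the entries shown in this report (Signatures and Downloads).
SIGNATURE_HITS = """\
behavioral1/memory/2028-0-0x0000000000090000-0x0000000000A32000-memory.dmp family_pandastealer
behavioral1/memory/2028-12-0x0000000000090000-0x0000000000A32000-memory.dmp family_pandastealer
behavioral1/memory/2028-36-0x0000000000090000-0x0000000000A32000-memory.dmp family_pandastealer
behavioral1/memory/2028-0-0x0000000000090000-0x0000000000A32000-memory.dmp vmprotect
behavioral1/memory/2028-12-0x0000000000090000-0x0000000000A32000-memory.dmp vmprotect
behavioral1/memory/2028-36-0x0000000000090000-0x0000000000A32000-memory.dmp vmprotect
"""

DOWNLOADS = """\
memory/2028-0-0x0000000000090000-0x0000000000A32000-memory.dmp 9.6MB
memory/2028-1-0x0000000000080000-0x0000000000081000-memory.dmp 4KB
memory/2028-7-0x0000000000AB0000-0x0000000000AB1000-memory.dmp 4KB
memory/2028-6-0x0000000077960000-0x0000000077961000-memory.dmp 4KB
memory/2028-12-0x0000000000090000-0x0000000000A32000-memory.dmp 9.6MB
"""

# <task>/memory/<pid>-<seq>-<start>-<end>-memory.dmp; the task prefix is absent
# in the Downloads list. Layout inferred from the report, not a documented format.
DUMP_RE = re.compile(
    r"(?:(?P<task>[A-Za-z0-9_]+)/)?memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"(?P<start>0x[0-9A-Fa-f]+)-(?P<end>0x[0-9A-Fa-f]+)-memory\.dmp"
)


def parse_dump_name(name):
    """Split one dump file name into its fields; start/end become ints."""
    m = DUMP_RE.fullmatch(name)
    if m is None:
        raise ValueError("not a memory dump name: %r" % name)
    d = m.groupdict()
    return {
        "task": d["task"],
        "pid": int(d["pid"]),
        "seq": int(d["seq"]),  # dump sequence number within the task
        "start": int(d["start"], 16),
        "end": int(d["end"], 16),
    }


def parse_hits(text):
    """Parse '<dump> <yara_rule>' lines into dicts carrying a 'rule' key."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        name, rule = line.split()
        hit = parse_dump_name(name)
        hit["rule"] = rule
        hits.append(hit)
    return hits


def human_size(nbytes):
    """Format a byte count the way the report's Filesize column does."""
    if nbytes >= 1 << 20:
        return "%.1fMB" % (nbytes / (1 << 20))
    if nbytes >= 1 << 10:
        return "%dKB" % (nbytes // (1 << 10))
    return "%dB" % nbytes


def group_by_region(hits):
    """Collapse per-dump hits to one record per (pid, start, end) region."""
    regions = defaultdict(lambda: {"rules": set(), "seqs": set()})
    for h in hits:
        key = (h["pid"], h["start"], h["end"])
        regions[key]["rules"].add(h["rule"])
        regions[key]["seqs"].add(h["seq"])
    return {
        k: {"size": k[2] - k[1], "rules": sorted(v["rules"]), "seqs": sorted(v["seqs"])}
        for k, v in regions.items()
    }


def check_download_sizes(text):
    """Return dump names whose listed size disagrees with their address range."""
    bad = []
    for line in text.splitlines():
        if not line.strip():
            continue
        name, listed = line.split()
        d = parse_dump_name(name)
        if human_size(d["end"] - d["start"]) != listed:
            bad.append(name)
    return bad


if __name__ == "__main__":
    for (pid, start, end), info in group_by_region(parse_hits(SIGNATURE_HITS)).items():
        print("pid %d region 0x%X-0x%X (%s) rules=%s dumps=%s"
              % (pid, start, end, human_size(info["size"]), info["rules"], info["seqs"]))
    print("size mismatches:", check_download_sizes(DOWNLOADS))
```

Run as-is it reports a single region for pid 2028 tagged by both rules, which is the region to pull for unpacked-string and config extraction; the 4KB dumps are single pages and are unlikely to hold the payload.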