Malware Analysis Report

2024-09-22 15:31

Sample ID 231224-x5srfabbhn
Target 0d60de145ee108192a36c45131ce52b4
SHA256 e61cccc3721d63d9685f8014e2c3d33f27455cd76b81a141165c88cc6c60d211
Tags
pandastealer spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e61cccc3721d63d9685f8014e2c3d33f27455cd76b81a141165c88cc6c60d211

Threat Level: Known bad

The file 0d60de145ee108192a36c45131ce52b4 was found to be: Known bad.

Malicious Activity Summary

pandastealer spyware stealer

Panda Stealer payload

Pandastealer family

PandaStealer

Reads user/profile data of web browsers

Unsigned PE

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2023-12-24 19:26

Signatures

Panda Stealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Pandastealer family

pandastealer

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-24 19:26

Reported

2023-12-24 23:14

Platform

win7-20231215-en

Max time kernel

117s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0d60de145ee108192a36c45131ce52b4.exe"

Signatures

PandaStealer

stealer pandastealer

Reads user/profile data of web browsers

spyware stealer

Processes

C:\Users\Admin\AppData\Local\Temp\0d60de145ee108192a36c45131ce52b4.exe

"C:\Users\Admin\AppData\Local\Temp\0d60de145ee108192a36c45131ce52b4.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 collector-node.us udp
US 8.8.8.8:53 collector-steal.ga udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-24 19:26

Reported

2023-12-24 23:13

Platform

win10v2004-20231215-en

Max time kernel

1s

Max time network

73s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0d60de145ee108192a36c45131ce52b4.exe"

Signatures

PandaStealer

stealer pandastealer

Reads user/profile data of web browsers

spyware stealer

Processes

C:\Users\Admin\AppData\Local\Temp\0d60de145ee108192a36c45131ce52b4.exe

"C:\Users\Admin\AppData\Local\Temp\0d60de145ee108192a36c45131ce52b4.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 collector-node.us udp
US 8.8.8.8:53 collector-steal.ga udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 20.242.39.171:443 tcp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 20.242.39.171:443 tcp

Files

N/A