Extracted

• • Target

    322c75f8d4735a1d6ad002931e377207

  • Size

    2.9MB

  • MD5

    322c75f8d4735a1d6ad002931e377207

  • SHA1

    267027821107faa6afa8417e4d87e45b14118138

  • SHA256

    536a23943567e447c6a279127cc1a05851898fe966f34987228c881a7c8f88ae

  • SHA512

    c2c77596265e75619e0c62e18127ba9bb224545e04b0f474a056b6a7a4542038e68ce22959d06e8d46b04bb49b93041fceff5df7141be70eb0e800ae61e733f9

  • SSDEEP

    49152:/M0815iQl71gq3LtZ2uIhwqtWTwi8gTM75hkLXhdvZ7vJGe6eSJYxrTaBALI0kh2:/m1fgCXhEXqTMnkLRdBbS/JYxaBAU0ks

  Score

  10^/10

  pandastealerevasionspywarestealerthemidatrojan

  • Panda Stealer payload

  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

    stealerpandastealer

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2