pandastealer | 1f94bf7cb3397c4f28553728271df220d9d75c3e7d03c6f38a7aa5b79c054cd1 | Triage

Submit
Reports

Overview

overview

Static

static

7

30b02e598c...68.exe

windows7-x64

30b02e598c...68.exe

windows10-2004-x64

Sharing

General

Target

30b02e598cbe1894d3c40a86dfdc5e68
Size

2.9MB
Sample

231231-lb4fascca9
MD5

30b02e598cbe1894d3c40a86dfdc5e68
SHA1

1193e7e46c1930330679717589d074b3317ac587
SHA256

1f94bf7cb3397c4f28553728271df220d9d75c3e7d03c6f38a7aa5b79c054cd1
SHA512

1cfb99240657563adf0801e79f3fd1a88063a28f94782502a4b8ac8fe5019f7ed99413dcc915dceaeea391b3fb8105498a767aff3b394a8ebbefe87180ede7ac
SSDEEP

49152:NO38h57b5LGKwboJ3IvVYPHBdNGG6G551TsrFXPtYUJUYFU9y/7VPcJYTsptDHT2:Ca5FGZcWYPHBdcG6GD1TsRx4U75e2stu

Score

10^/10

pandastealer evasion spyware stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

30b02e598cbe1894d3c40a86dfdc5e68.exe

Resource

win7-20231215-en

pandastealer evasion spyware stealer themida trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

30b02e598cbe1894d3c40a86dfdc5e68.exe

Resource

win10v2004-20231215-en

pandastealer evasion spyware stealer themida trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

pandastealer

Version

1.11

C2

http://f0562538.xsph.ru

Targets

- Target
  
  30b02e598cbe1894d3c40a86dfdc5e68
- Size
  
  2.9MB
- MD5
  
  30b02e598cbe1894d3c40a86dfdc5e68
- SHA1
  
  1193e7e46c1930330679717589d074b3317ac587
- SHA256
  
  1f94bf7cb3397c4f28553728271df220d9d75c3e7d03c6f38a7aa5b79c054cd1
- SHA512
  
  1cfb99240657563adf0801e79f3fd1a88063a28f94782502a4b8ac8fe5019f7ed99413dcc915dceaeea391b3fb8105498a767aff3b394a8ebbefe87180ede7ac
- SSDEEP
  
  49152:NO38h57b5LGKwboJ3IvVYPHBdNGG6G551TsrFXPtYUJUYFU9y/7VPcJYTsptDHT2:Ca5FGZcWYPHBdcG6GD1TsRx4U75e2stu
Score

10^/10

pandastealer evasion spyware stealer themida trojan
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

pandastealerevasionspywarestealerthemidatrojan

behavioral2

pandastealerevasionspywarestealerthemidatrojan

© 2018-2024

Terms | Privacy