General

  • Target

    38d4296c2dda38d5b6ed29962c3a9f15

  • Size

    736KB

  • Sample

    231231-q78gcagfek

  • MD5

    38d4296c2dda38d5b6ed29962c3a9f15

  • SHA1

    dbcb27211e5cddab65ddca6915bcffcf27240cde

  • SHA256

    9bc1fa4aa23929432bacc24f05512c2df0e5672dd9e4159fc476829187af2b4e

  • SHA512

    49dcee5f2f4f272ae9358576d2897dd7609ac82fd40f85aead134768c3fc8dd1320b5042ea19548e8e9e272adf6845ebad1f498bd4447e6767973bbf012106a9

  • SSDEEP

    12288:3GUeFU78kDDZF6foLZMnhBW8+F+dIgFZ0VrIYwNNN/Nlj:aFUIkDNF6gLZMhUXFCv0q3NN1l

Malware Config

Extracted

Family

pandastealer

Version

1.11

C2

http://vpn-topusa.info

Targets

    • Target

      38d4296c2dda38d5b6ed29962c3a9f15

    • Size

      736KB

    • MD5

      38d4296c2dda38d5b6ed29962c3a9f15

    • SHA1

      dbcb27211e5cddab65ddca6915bcffcf27240cde

    • SHA256

      9bc1fa4aa23929432bacc24f05512c2df0e5672dd9e4159fc476829187af2b4e

    • SHA512

      49dcee5f2f4f272ae9358576d2897dd7609ac82fd40f85aead134768c3fc8dd1320b5042ea19548e8e9e272adf6845ebad1f498bd4447e6767973bbf012106a9

    • SSDEEP

      12288:3GUeFU78kDDZF6foLZMnhBW8+F+dIgFZ0VrIYwNNN/Nlj:aFUIkDNF6gLZMhUXFCv0q3NN1l

    • Panda Stealer payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Collection

Data from Local System

1
T1005

Tasks