pandastealer | 54e3e47bef3d3ea8b87bc2a7af7e8719767fe6afd7abfae102545278526c5347 | Triage

Submit
Reports

Overview

overview

Static

static

7

5b728c7eb4...0f.exe

windows7-x64

5b728c7eb4...0f.exe

windows10-2004-x64

Sharing

General

Target

5b728c7eb4f832ebbecb2918602fda0f
Size

2.9MB
Sample

240114-rj2jkabeap
MD5

5b728c7eb4f832ebbecb2918602fda0f
SHA1

7c3318b75fbaa67237928b43a39ddccaae58a1ba
SHA256

54e3e47bef3d3ea8b87bc2a7af7e8719767fe6afd7abfae102545278526c5347
SHA512

f9b54f5ec15dd3a6d201af5331083e96d77a6b3ff19b5be61d19c3453be7d7869c096ac77be2dbe6948e9b86ad001b85918816bcba2cc7881f2c0249dbaa8a56
SSDEEP

49152:F5Q+tEIjskUnk1rbDuFgVjasp20FFviVdFR8Gmfr/eKXabbFwQHu06p15k:FG+tEaskUnLGVjbp1Duj/mfjeJnSiK4

Score

10^/10

pandastealer evasion spyware stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5b728c7eb4f832ebbecb2918602fda0f.exe

Resource

win7-20231129-en

pandastealer evasion spyware stealer themida trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

5b728c7eb4f832ebbecb2918602fda0f.exe

Resource

win10v2004-20231215-en

pandastealer evasion spyware stealer themida trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

pandastealer

Version

�

C2

http://��

Extracted

Family

pandastealer

Version

1.11

C2

http://f0567361.xsph.ru

Targets

- Target
  
  5b728c7eb4f832ebbecb2918602fda0f
- Size
  
  2.9MB
- MD5
  
  5b728c7eb4f832ebbecb2918602fda0f
- SHA1
  
  7c3318b75fbaa67237928b43a39ddccaae58a1ba
- SHA256
  
  54e3e47bef3d3ea8b87bc2a7af7e8719767fe6afd7abfae102545278526c5347
- SHA512
  
  f9b54f5ec15dd3a6d201af5331083e96d77a6b3ff19b5be61d19c3453be7d7869c096ac77be2dbe6948e9b86ad001b85918816bcba2cc7881f2c0249dbaa8a56
- SSDEEP
  
  49152:F5Q+tEIjskUnk1rbDuFgVjasp20FFviVdFR8Gmfr/eKXabbFwQHu06p15k:FG+tEaskUnLGVjbp1Duj/mfjeJnSiK4
Score

10^/10

pandastealer evasion spyware stealer themida trojan
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

pandastealerevasionspywarestealerthemidatrojan

behavioral2

pandastealerevasionspywarestealerthemidatrojan

© 2018-2024

Terms | Privacy