pandastealer | ec346bd56be375b695b4bc76720959fa07d1357ffc3783eb61de9b8d91b3d935

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-02-2024 13:44

Target

92241e9deba2241135690963861f0ddd.exe
Size

759KB
MD5

92241e9deba2241135690963861f0ddd
SHA1

487d114c2fffbeed6183619ad96e07c91ddb1af4
SHA256

ec346bd56be375b695b4bc76720959fa07d1357ffc3783eb61de9b8d91b3d935
SHA512

be2bd565987845bb48d442da51b6145c74933b98fe78159ec40cdec43e13d033df98a19fa14ca31b00fc60026489141debce30a56af00288c89c414a198a4727
SSDEEP

12288:maCrCrqcJhRuNs9+g4snRefAwLxZmvUiTQvUOSvyPgBhd/Sr6+GgE9pMXLhU:7IwJ/usoLxERQvUOgBBHSkgE9pMXlU

Score

10^/10

Family

pandastealer

Version

1.11

http://f0566525.xsph.ru

Panda Stealer payload 4 IoCs

resource	yara_rule
behavioral1/memory/2468-8-0x0000000000400000-0x00000000004AE000-memory.dmp	family_pandastealer
behavioral1/memory/2468-9-0x0000000000400000-0x00000000004AE000-memory.dmp	family_pandastealer
behavioral1/memory/2468-12-0x0000000000400000-0x00000000004AE000-memory.dmp	family_pandastealer
behavioral1/memory/2468-14-0x0000000000400000-0x00000000004AE000-memory.dmp	family_pandastealer

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 828 set thread context of 2468	828	92241e9deba2241135690963861f0ddd.exe	28

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2800	2468	WerFault.exe	28

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 828 wrote to memory of 2468	828	92241e9deba2241135690963861f0ddd.exe	28
PID 828 wrote to memory of 2468	828	92241e9deba2241135690963861f0ddd.exe	28
PID 828 wrote to memory of 2468	828	92241e9deba2241135690963861f0ddd.exe	28
PID 828 wrote to memory of 2468	828	92241e9deba2241135690963861f0ddd.exe	28
PID 828 wrote to memory of 2468	828	92241e9deba2241135690963861f0ddd.exe	28
PID 828 wrote to memory of 2468	828	92241e9deba2241135690963861f0ddd.exe	28
PID 828 wrote to memory of 2468	828	92241e9deba2241135690963861f0ddd.exe	28
PID 828 wrote to memory of 2468	828	92241e9deba2241135690963861f0ddd.exe	28
PID 828 wrote to memory of 2468	828	92241e9deba2241135690963861f0ddd.exe	28
PID 828 wrote to memory of 2468	828	92241e9deba2241135690963861f0ddd.exe	28
PID 2468 wrote to memory of 2800	2468	92241e9deba2241135690963861f0ddd.exe	29
PID 2468 wrote to memory of 2800	2468	92241e9deba2241135690963861f0ddd.exe	29
PID 2468 wrote to memory of 2800	2468	92241e9deba2241135690963861f0ddd.exe	29
PID 2468 wrote to memory of 2800	2468	92241e9deba2241135690963861f0ddd.exe	29

memory/828-0-0x0000000000B10000-0x0000000000BD4000-memory.dmp

Filesize
784KB

Download
memory/828-1-0x0000000074570000-0x0000000074C5E000-memory.dmp

Filesize
6.9MB

Download
memory/828-2-0x0000000004D90000-0x0000000004DD0000-memory.dmp

Filesize
256KB

Download
memory/828-3-0x00000000045D0000-0x0000000004684000-memory.dmp

Filesize
720KB

Download
memory/828-15-0x0000000074570000-0x0000000074C5E000-memory.dmp

Filesize
6.9MB

Download
memory/2468-7-0x0000000000400000-0x00000000004AE000-memory.dmp

Filesize
696KB

Download
memory/2468-6-0x0000000000400000-0x00000000004AE000-memory.dmp

Filesize
696KB

Download
memory/2468-8-0x0000000000400000-0x00000000004AE000-memory.dmp

Filesize
696KB

Download
memory/2468-9-0x0000000000400000-0x00000000004AE000-memory.dmp

Filesize
696KB

Download
memory/2468-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2468-12-0x0000000000400000-0x00000000004AE000-memory.dmp

Filesize
696KB

Download
memory/2468-14-0x0000000000400000-0x00000000004AE000-memory.dmp

Filesize
696KB

Download
memory/2468-4-0x0000000000400000-0x00000000004AE000-memory.dmp

Filesize
696KB

Download