Overview

overview

10

Static

static

3

92241e9deb...dd.exe

windows7-x64

10

92241e9deb...dd.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    05-02-2024 13:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    92241e9deba2241135690963861f0ddd.exe

  • Size

    759KB

  • MD5

    92241e9deba2241135690963861f0ddd

  • SHA1

    487d114c2fffbeed6183619ad96e07c91ddb1af4

  • SHA256

    ec346bd56be375b695b4bc76720959fa07d1357ffc3783eb61de9b8d91b3d935

  • SHA512

    be2bd565987845bb48d442da51b6145c74933b98fe78159ec40cdec43e13d033df98a19fa14ca31b00fc60026489141debce30a56af00288c89c414a198a4727

  • SSDEEP

    12288:maCrCrqcJhRuNs9+g4snRefAwLxZmvUiTQvUOSvyPgBhd/Sr6+GgE9pMXLhU:7IwJ/usoLxERQvUOgBBHSkgE9pMXlU

Score
10/10
pandastealerstealer

Malware Config

Extracted

Family

pandastealer

Version

1.11

C2

http://f0566525.xsph.ru

Signatures

  • Panda Stealer payload 4 IoCs
  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

    stealerpandastealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\92241e9deba2241135690963861f0ddd.exe
    "C:\Users\Admin\AppData\Local\Temp\92241e9deba2241135690963861f0ddd.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:828
    • C:\Users\Admin\AppData\Local\Temp\92241e9deba2241135690963861f0ddd.exe
      "C:\Users\Admin\AppData\Local\Temp\92241e9deba2241135690963861f0ddd.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2468
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 136
        3⤵
        • Program crash
        PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/828-0-0x0000000000B10000-0x0000000000BD4000-memory.dmp
    Filesize

    784KB

    Download
  • memory/828-1-0x0000000074570000-0x0000000074C5E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/828-2-0x0000000004D90000-0x0000000004DD0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/828-3-0x00000000045D0000-0x0000000004684000-memory.dmp
    Filesize

    720KB

    Download
  • memory/828-15-0x0000000074570000-0x0000000074C5E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2468-7-0x0000000000400000-0x00000000004AE000-memory.dmp
    Filesize

    696KB

    Download
  • memory/2468-6-0x0000000000400000-0x00000000004AE000-memory.dmp
    Filesize

    696KB

    Download
  • memory/2468-8-0x0000000000400000-0x00000000004AE000-memory.dmp
    Filesize

    696KB

    Download
  • memory/2468-9-0x0000000000400000-0x00000000004AE000-memory.dmp
    Filesize

    696KB

    Download
  • memory/2468-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2468-12-0x0000000000400000-0x00000000004AE000-memory.dmp
    Filesize

    696KB

    Download
  • memory/2468-14-0x0000000000400000-0x00000000004AE000-memory.dmp
    Filesize

    696KB

    Download
  • memory/2468-4-0x0000000000400000-0x00000000004AE000-memory.dmp
    Filesize

    696KB

    Download