Overview

overview

10

Static

static

7

9b80f5c9c1...1f.exe

windows7-x64

10

9b80f5c9c1...1f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    14-02-2024 11:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9b80f5c9c1cd7d2d13d6c41d35e0c21f.exe

  • Size

    5.6MB

  • MD5

    9b80f5c9c1cd7d2d13d6c41d35e0c21f

  • SHA1

    6df7b192b2c140552feaf951090ca54a01640f77

  • SHA256

    62a1d37c063d4835060b531f903bc99d8f807e8f52077e6ece25c8f53af84d74

  • SHA512

    1b6a33ae5275653eaafeeba81e0cf1df466a0a6e66647f662765cccb28c122d1a9d22baa977f623ac6b094c0e064e434f6981261136343209de2b3375f9cd609

  • SSDEEP

    98304:jO2z45deXEXN1NLNsI2xebYryeeKQsJ4rPB2EAV5ZEseq3q9/A7Co8+klmxKw:i2z45XXN1T2xebYpeKHJwP0KPq3kAmoF

Score
10/10
pandastealershurkinfostealerspywarestealervmprotect

Malware Config

Signatures

  • Panda Stealer payload 3 IoCs
  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

    stealerpandastealer
  • Shurk

    Shurk is an infostealer, written in C++ which appeared in 2021.

    infostealershurk
  • Shurk Stealer payload 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9b80f5c9c1cd7d2d13d6c41d35e0c21f.exe
    "C:\Users\Admin\AppData\Local\Temp\9b80f5c9c1cd7d2d13d6c41d35e0c21f.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:3040

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3040-0-0x0000000000D20000-0x0000000001655000-memory.dmp

    Filesize

    9.2MB

    Download

  • memory/3040-1-0x0000000000080000-0x0000000000081000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3040-3-0x0000000000080000-0x0000000000081000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3040-5-0x0000000000080000-0x0000000000081000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3040-6-0x0000000077AC0000-0x0000000077AC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3040-7-0x0000000000090000-0x0000000000091000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3040-9-0x0000000000090000-0x0000000000091000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3040-11-0x0000000000090000-0x0000000000091000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3040-12-0x0000000000D20000-0x0000000001655000-memory.dmp

    Filesize

    9.2MB

    Download

  • memory/3040-28-0x0000000000D20000-0x0000000001655000-memory.dmp

    Filesize

    9.2MB

    Download