General
-
Target
9bdffeeb52015df1699b7b0f0aa03cf4
-
Size
10.9MB
-
Sample
240214-re1fpsdg45
-
MD5
9bdffeeb52015df1699b7b0f0aa03cf4
-
SHA1
b9d1f121926acd5a8b146e4675a30d7f8583d2bf
-
SHA256
57ad383c47b6423e48e44f750afc38f4e837db3c62eb59e10743d241625259e2
-
SHA512
4e45c2f7ebc96768453340dab5bc29d6a9e998c2c76e424e1af445e13cd89d3b9aafc5233957242fc2dede2e96d35e5cb038b7d3ce6fc47251cc7ca3094875d9
-
SSDEEP
196608:h5XOsmXgCe4WdIHlJMBJxxviqVVXBgl7ZSr/UyXL23QM2NCfV3d1R9fv7M:jOsmXMeHU9viqeFu8KigMFd1Rm
Static task
static1
Behavioral task
behavioral1
Sample
9bdffeeb52015df1699b7b0f0aa03cf4.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
9bdffeeb52015df1699b7b0f0aa03cf4.exe
Resource
win10v2004-20231222-en
Malware Config
Extracted
pandastealer
1.11
http://f0565988.xsph.ru
Targets
-
Target
9bdffeeb52015df1699b7b0f0aa03cf4
-
Score
10/10
-
Panda Stealer payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-