Malware Analysis Report

2024-09-22 15:29

Sample ID 240216-m4vjjahg78
Target a035d233500d7f10cc87139f43f51cf3
SHA256 b2feb2b35a2c7173caaf9f2c64004c768cf8f1ab955aa3323fffe084659ec380
Tags
pandastealer spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b2feb2b35a2c7173caaf9f2c64004c768cf8f1ab955aa3323fffe084659ec380

Threat Level: Known bad

The file a035d233500d7f10cc87139f43f51cf3 was found to be: Known bad.

Malicious Activity Summary

pandastealer spyware stealer

Panda Stealer payload

Pandastealer family

PandaStealer

Reads user/profile data of web browsers

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-02-16 11:01

Signatures

Panda Stealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Pandastealer family

pandastealer

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-16 11:01

Reported

2024-02-16 11:04

Platform

win7-20231215-en

Max time kernel

121s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a035d233500d7f10cc87139f43f51cf3.exe"

Signatures

PandaStealer

stealer pandastealer

Reads user/profile data of web browsers

spyware stealer

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a035d233500d7f10cc87139f43f51cf3.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a035d233500d7f10cc87139f43f51cf3.exe

"C:\Users\Admin\AppData\Local\Temp\a035d233500d7f10cc87139f43f51cf3.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 f0567127.xsph.ru udp
RU 141.8.197.42:80 f0567127.xsph.ru tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-16 11:01

Reported

2024-02-16 11:04

Platform

win10v2004-20231215-en

Max time kernel

91s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a035d233500d7f10cc87139f43f51cf3.exe"

Signatures

PandaStealer

stealer pandastealer

Reads user/profile data of web browsers

spyware stealer

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a035d233500d7f10cc87139f43f51cf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a035d233500d7f10cc87139f43f51cf3.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a035d233500d7f10cc87139f43f51cf3.exe

"C:\Users\Admin\AppData\Local\Temp\a035d233500d7f10cc87139f43f51cf3.exe"

Network

Country Destination Domain Proto
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 f0567127.xsph.ru udp
RU 141.8.197.42:80 f0567127.xsph.ru tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 42.197.8.141.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

N/A