General

  • Target

    a58ba0338bc617fdc6e60f0a0c5ef655

  • Size

    1.4MB

  • Sample

    240226-f4ygvsdh94

  • MD5

    a58ba0338bc617fdc6e60f0a0c5ef655

  • SHA1

    9fab93502863d7e5e39778cdd613f258081638c3

  • SHA256

    e0cc6ae1f2a402c12678c97f63f6e97cad35090ccca5c1a280a3beef0b716e88

  • SHA512

    ee507c9b632c71e49c18c95b10d290dda456a0422fd1659fc41e6d2c58a5b82f1428f7d4d4190d961e81cc30b42e1444a17b52392a95f3c451bdc2b2eec8deff

  • SSDEEP

    24576:qlc5i8jgFm3YKQbc4ib20TsTUyLo4H/hach1H2bF89lAZuBk4WIWV:qlc5wKMcjabE4THRlAmWIW

Malware Config

Extracted

Family

pandastealer

Version

1.11

C2

http://f0570666.xsph.ru

Targets

    • Target

      a58ba0338bc617fdc6e60f0a0c5ef655

    • Size

      1.4MB

    • MD5

      a58ba0338bc617fdc6e60f0a0c5ef655

    • SHA1

      9fab93502863d7e5e39778cdd613f258081638c3

    • SHA256

      e0cc6ae1f2a402c12678c97f63f6e97cad35090ccca5c1a280a3beef0b716e88

    • SHA512

      ee507c9b632c71e49c18c95b10d290dda456a0422fd1659fc41e6d2c58a5b82f1428f7d4d4190d961e81cc30b42e1444a17b52392a95f3c451bdc2b2eec8deff

    • SSDEEP

      24576:qlc5i8jgFm3YKQbc4ib20TsTUyLo4H/hach1H2bF89lAZuBk4WIWV:qlc5wKMcjabE4THRlAmWIW

    • Panda Stealer payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks