General

  • Target

    a7caf015b129fe7fe86388ec50095b5c

  • Size

    2.9MB

  • Sample

    240227-a5v58scd56

  • MD5

    a7caf015b129fe7fe86388ec50095b5c

  • SHA1

    10cd846eb546ef5d6613b41024afd049ca82e289

  • SHA256

    830b7b7a678a2adb1c39ab4b70acadceff86854e72de0d939df3ba51dbff00a8

  • SHA512

    2b49a2da64d137e9e1848e2c537d673ed08ca8f0142304e27aac6e7675325a2aa7078dcbec1135070ba951bc90b3732f5d791ffe128aba573b67f19932949a96

  • SSDEEP

    49152:DypKcd02s8SfTRV4JRveEERTND0lTFAwoWwWiYy9PbusVDlO2:DypKcq2s8SlVGBgNQ+rLzbp3

Malware Config

Extracted

Family

pandastealer

Version

1.11

C2

http://f0573296.xsph.ru

Extracted

Family

pandastealer

Version

��

C2

http://�Ɠ

Targets

    • Target

      a7caf015b129fe7fe86388ec50095b5c

    • Size

      2.9MB

    • MD5

      a7caf015b129fe7fe86388ec50095b5c

    • SHA1

      10cd846eb546ef5d6613b41024afd049ca82e289

    • SHA256

      830b7b7a678a2adb1c39ab4b70acadceff86854e72de0d939df3ba51dbff00a8

    • SHA512

      2b49a2da64d137e9e1848e2c537d673ed08ca8f0142304e27aac6e7675325a2aa7078dcbec1135070ba951bc90b3732f5d791ffe128aba573b67f19932949a96

    • SSDEEP

      49152:DypKcd02s8SfTRV4JRveEERTND0lTFAwoWwWiYy9PbusVDlO2:DypKcq2s8SlVGBgNQ+rLzbp3

    • Panda Stealer payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks