Extracted

• • Target

    d183302946d538062506bdd30d668d5b

  • Size

    2.8MB

  • MD5

    d183302946d538062506bdd30d668d5b

  • SHA1

    b6850ccff42bb2a1bb2ae8d3780d7d545cc3cd24

  • SHA256

    4850df3fa0d3aa4d9bc615e50ad974cb3d6ae42ded966d987ad956a5d1c74685

  • SHA512

    757a6284883bd8c9357ae281f844be8fb32666f3f19583df03994d67fbaae2a81f7515a9f45c629dd06e338afd089fd0994f0b0e17f5dfdded8912c08973353a

  • SSDEEP

    49152:j1ul0LUEKG8vAGAMWZ8ILeB2EIUCjc1Pi5sD8fzqejwzWQN+QhaDUAoojNXv7Nsv:J68V8Dm80eBPIhSobqeszWRDJdjNXTNA

  Score

  10^/10

  pandastealerevasionspywarestealerthemidatrojan

  • Panda Stealer payload

  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

    stealerpandastealer

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2