Overview

overview

10

Static

static

7

e0c9432211...68.exe

windows7-x64

10

e0c9432211...68.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e0c94322110f60ff3aeda374185e6b68

  • Size

    2.8MB

  • Sample

    240327-e7w8jach45

  • MD5

    e0c94322110f60ff3aeda374185e6b68

  • SHA1

    d5e796db9f639ff829ce374c3b8e6087a2913f3b

  • SHA256

    c148633e99f5d088da8d94c65e5c8c0c081bf9058e095c6f77f711735dfe1257

  • SHA512

    1e2a3649e861babb0c113f24c607b4eca5a0eb7b7d704928421c46e19d18efbcf741eedc51dc0d1721db50bc38ff068b98e5cab20ad9a81fb0514792c886bef0

  • SSDEEP

    49152:6eUV/73SWNJimjrwZjDp+ll42k1vKiL09UJUfk4gbWmikhrdnGiX:HUV/pM7ZjD8lnovlNJUc4gKmdPn3X

Score
10/10
pandastealerevasionspywarestealerthemidatrojan

Malware Config

Extracted

Family

pandastealer

Version

$_��

C2

http://Q�$��&"�$WV��d}�ց� �%��/�8d��^�|$_S����

Extracted

Family

pandastealer

Version

1.11

C2

http://f0567020.xsph.ru

Targets

    • Target

      e0c94322110f60ff3aeda374185e6b68

    • Size

      2.8MB

    • MD5

      e0c94322110f60ff3aeda374185e6b68

    • SHA1

      d5e796db9f639ff829ce374c3b8e6087a2913f3b

    • SHA256

      c148633e99f5d088da8d94c65e5c8c0c081bf9058e095c6f77f711735dfe1257

    • SHA512

      1e2a3649e861babb0c113f24c607b4eca5a0eb7b7d704928421c46e19d18efbcf741eedc51dc0d1721db50bc38ff068b98e5cab20ad9a81fb0514792c886bef0

    • SSDEEP

      49152:6eUV/73SWNJimjrwZjDp+ll42k1vKiL09UJUfk4gbWmikhrdnGiX:HUV/pM7ZjD8lnovlNJUc4gKmdPn3X

    Score
    10/10
    pandastealerevasionspywarestealerthemidatrojan

    • Panda Stealer payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

      stealerpandastealer

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks