pandastealer

General

Target

e27f611b58c54c195dd169446f910f39_JaffaCakes118
Size

5.8MB
Sample

240406-n6s9xsae27
MD5

e27f611b58c54c195dd169446f910f39
SHA1

42701017170cf3f72d6e9733195c0bccc49907fa
SHA256

2d7e884e652780ab3e988f180b7bdc38ec7f178b03fb2dede887c74df2196d81
SHA512

7d06cb408b73861dd419eb412307f7bd5674d556b4e5590b6efc05daf2ea8a2f8b16816bc2fa959959dffb9fd8f90698ff43f461f199ed62f2350c07a790b5e3
SSDEEP

98304:vj1FNIFlRjCLym0a6akne3mNYgm32L/1dNK3acECdB3m8qZY2C:b1FNIFlpeN6aknGaY/32LrIawdB3wQ

Score

10^/10

Malware Config

Extracted

Family

pandastealer

Version

1.11

C2

http://a0565396.xsph.ru

Targets

- Target
  
  e27f611b58c54c195dd169446f910f39_JaffaCakes118
- Size
  
  5.8MB
- MD5
  
  e27f611b58c54c195dd169446f910f39
- SHA1
  
  42701017170cf3f72d6e9733195c0bccc49907fa
- SHA256
  
  2d7e884e652780ab3e988f180b7bdc38ec7f178b03fb2dede887c74df2196d81
- SHA512
  
  7d06cb408b73861dd419eb412307f7bd5674d556b4e5590b6efc05daf2ea8a2f8b16816bc2fa959959dffb9fd8f90698ff43f461f199ed62f2350c07a790b5e3
- SSDEEP
  
  98304:vj1FNIFlRjCLym0a6akne3mNYgm32L/1dNK3acECdB3m8qZY2C:b1FNIFlpeN6aknGaY/32LrIawdB3wQ
Score

10^/10

pandastealer spyware stealer vmprotect
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Panda Stealer payload

Reads user/profile data of web browsers

VMProtect packed file

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2