Overview

overview

10

Static

static

7

e27f611b58...18.exe

windows7-x64

10

e27f611b58...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06-04-2024 12:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e27f611b58c54c195dd169446f910f39_JaffaCakes118.exe

  • Size

    5.8MB

  • MD5

    e27f611b58c54c195dd169446f910f39

  • SHA1

    42701017170cf3f72d6e9733195c0bccc49907fa

  • SHA256

    2d7e884e652780ab3e988f180b7bdc38ec7f178b03fb2dede887c74df2196d81

  • SHA512

    7d06cb408b73861dd419eb412307f7bd5674d556b4e5590b6efc05daf2ea8a2f8b16816bc2fa959959dffb9fd8f90698ff43f461f199ed62f2350c07a790b5e3

  • SSDEEP

    98304:vj1FNIFlRjCLym0a6akne3mNYgm32L/1dNK3acECdB3m8qZY2C:b1FNIFlpeN6aknGaY/32LrIawdB3wQ

Score
10/10
pandastealerspywarestealervmprotect

Malware Config

Extracted

Family

pandastealer

Version

1.11

C2

http://a0565396.xsph.ru

Signatures

  • Panda Stealer payload 4 IoCs
  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

    stealerpandastealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e27f611b58c54c195dd169446f910f39_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e27f611b58c54c195dd169446f910f39_JaffaCakes118.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:2840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2840-0-0x0000000000EB0000-0x0000000001875000-memory.dmp

    Filesize

    9.8MB

    Download

  • memory/2840-1-0x00000000000E0000-0x00000000000E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2840-3-0x0000000000EB0000-0x0000000001875000-memory.dmp

    Filesize

    9.8MB

    Download

  • memory/2840-4-0x00000000000E0000-0x00000000000E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2840-6-0x00000000000E0000-0x00000000000E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2840-8-0x00000000775F0000-0x00000000775F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2840-7-0x00000000000F0000-0x00000000000F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2840-10-0x00000000000F0000-0x00000000000F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2840-12-0x00000000000F0000-0x00000000000F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2840-13-0x0000000000EB0000-0x0000000001875000-memory.dmp

    Filesize

    9.8MB

    Download

  • memory/2840-33-0x0000000000EB0000-0x0000000001875000-memory.dmp

    Filesize

    9.8MB

    Download