pandastealer

General

Target

f254e5be8e7dd4bccf602648eea53295_JaffaCakes118
Size

5.8MB
Sample

240416-bfemmafb3t
MD5

f254e5be8e7dd4bccf602648eea53295
SHA1

7aac3880436eb6e1668630bba480d1943ad3e4a1
SHA256

43a4364f8ce930a1d8f55bf226a18251863e15f67ac1d85e7eef20d95e11fc7c
SHA512

0c74185622ca8d6a43107a0284f73e44cd5d21aa296f0c3ad1c95fb6e55ac0a00420ca8ccb2a1cc89447485887abcec6cccb24aa2bfd1befdeda5ac572538f80
SSDEEP

98304:EOAGCKb28pfHUJ4+ho4a7vFM8Fa4KRkNVEbR/JYll3FArv+ByaOHqe8mX:LAGC8VmC+hnTl49EbN0MrA40m

Score

10^/10

Malware Config

Extracted

Family

pandastealer

Version

1.11

C2

http://f0564653.xsph.ru

Targets

- Target
  
  f254e5be8e7dd4bccf602648eea53295_JaffaCakes118
- Size
  
  5.8MB
- MD5
  
  f254e5be8e7dd4bccf602648eea53295
- SHA1
  
  7aac3880436eb6e1668630bba480d1943ad3e4a1
- SHA256
  
  43a4364f8ce930a1d8f55bf226a18251863e15f67ac1d85e7eef20d95e11fc7c
- SHA512
  
  0c74185622ca8d6a43107a0284f73e44cd5d21aa296f0c3ad1c95fb6e55ac0a00420ca8ccb2a1cc89447485887abcec6cccb24aa2bfd1befdeda5ac572538f80
- SSDEEP
  
  98304:EOAGCKb28pfHUJ4+ho4a7vFM8Fa4KRkNVEbR/JYll3FArv+ByaOHqe8mX:LAGC8VmC+hnTl49EbN0MrA40m
Score

10^/10

pandastealer spyware stealer vmprotect
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Panda Stealer payload

Reads user/profile data of web browsers

VMProtect packed file

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2