Malware Analysis Report

2024-09-22 15:26

Sample ID 240417-rp9r5adb71
Target f5f93b480a4ca583092b496be670cab9_JaffaCakes118
SHA256 62d0df3e2034c38c55163ea9a5e6c972416a39a3dac53fecea54fec272301fdc
Tags
pandastealer spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

62d0df3e2034c38c55163ea9a5e6c972416a39a3dac53fecea54fec272301fdc

Threat Level: Known bad

The file f5f93b480a4ca583092b496be670cab9_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

pandastealer spyware stealer

Panda Stealer payload

Pandastealer family

PandaStealer

Reads user/profile data of web browsers

Unsigned PE

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-04-17 14:23

Signatures

Panda Stealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Pandastealer family

pandastealer

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-17 14:23

Reported

2024-04-17 14:44

Platform

win7-20240319-en

Max time kernel

118s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f5f93b480a4ca583092b496be670cab9_JaffaCakes118.exe"

Signatures

PandaStealer

stealer pandastealer

Reads user/profile data of web browsers

spyware stealer

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f5f93b480a4ca583092b496be670cab9_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f5f93b480a4ca583092b496be670cab9_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\f5f93b480a4ca583092b496be670cab9_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 collector-node.us udp
US 8.8.8.8:53 collector-steal.ga udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-17 14:23

Reported

2024-04-17 14:45

Platform

win10v2004-20240412-en

Max time kernel

149s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f5f93b480a4ca583092b496be670cab9_JaffaCakes118.exe"

Signatures

PandaStealer

stealer pandastealer

Reads user/profile data of web browsers

spyware stealer

Processes

C:\Users\Admin\AppData\Local\Temp\f5f93b480a4ca583092b496be670cab9_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\f5f93b480a4ca583092b496be670cab9_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 107.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 248.81.21.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 collector-node.us udp
US 8.8.8.8:53 collector-steal.ga udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 81.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 18.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp

Files

N/A