pandastealer | CollectorNewCrack v1[.]2[.]exe | Triage

Sharing

General

Target

CollectorNewCrack v1.2.exe
Size

1.4MB
MD5

63407f31536559ee07eccc5ac77375a6
SHA1

0d7c979e7c8025f1b8e81205eb32f156a361a4aa
SHA256

bab06d973a2b8b87c4cd7d43f8b38d336c536703248ef54b6350749731307621
SHA512

ad07756dd19cb537183c4ef0141b067aac4c17ab5118ad5269d41c9115628379b9b15e289111fb01627e821e5b26a08594bf8e748fcaf07d36a7718ffe90d9f1
SSDEEP

24576:6RmS1cpdynt7K6opm34fjVgY9Nj9rMVPoJEKZ6IEGTMxapRl2PSwHTehy6BP+pXW:6k8adyntO030jrLrIouKZ6iMqRl2PSwo

Score

10^/10

pandastealer

Malware Config

Signatures

Panda Stealer payload 1 IoCs

resource	yara_rule
sample	family_pandastealer

Pandastealer family
pandastealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CollectorNewCrack v1.2.exe

Files

CollectorNewCrack v1.2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 799KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pososi0
Size: - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pososi1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ