General

  • Target

    BFDFC7BDB3890683E8D3B5F3D9CAE5048DE3CBEDEBF223E4B9B732B096917BEB.exe

  • Size

    562KB

  • Sample

    240724-zxqyzszemb

  • MD5

    f5ce2d7efe8c3aaed87ec7e8adc05f03

  • SHA1

    693bb3cb67684e2b8b73956431b35b97dad92f15

  • SHA256

    cf47849486b54a356e344fa8b4fb6540caec3f602fc44d2c381ef2213c24d135

  • SHA512

    c47ef59080a18c91558685e5526a9e7dd1721e76cea931d947ecec70ee2252d2528332f7b31b8726185dfd220f497ffeb6ef705e3c9ce3aa9146b9c3d6397e16

  • SSDEEP

    12288:J7vT8cGUCZmxIwNjVGCXZqmmJUE/JHkdIUnjoqhPkw4d:Jz4BUCZmxIw1VGCXZ5mJ1kdZnBhY

Malware Config

Targets

    • Target

      BFDFC7BDB3890683E8D3B5F3D9CAE5048DE3CBEDEBF223E4B9B732B096917BEB.exe

    • Size

      562KB

    • MD5

      f5ce2d7efe8c3aaed87ec7e8adc05f03

    • SHA1

      693bb3cb67684e2b8b73956431b35b97dad92f15

    • SHA256

      cf47849486b54a356e344fa8b4fb6540caec3f602fc44d2c381ef2213c24d135

    • SHA512

      c47ef59080a18c91558685e5526a9e7dd1721e76cea931d947ecec70ee2252d2528332f7b31b8726185dfd220f497ffeb6ef705e3c9ce3aa9146b9c3d6397e16

    • SSDEEP

      12288:J7vT8cGUCZmxIwNjVGCXZqmmJUE/JHkdIUnjoqhPkw4d:Jz4BUCZmxIw1VGCXZ5mJ1kdZnBhY

    • Panda Stealer payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

    • PhoenixStealer

      PhoenixStealer is an information stealer written in the C++, it sends the stolen information to cybercriminals.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks