Behavioral task
behavioral1
Sample
43b21e60d088a3eba1b23f5aac9deb39d86f27a819a2e179a7edbdfd407264af.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
43b21e60d088a3eba1b23f5aac9deb39d86f27a819a2e179a7edbdfd407264af.exe
Resource
win10v2004-20240802-en
General
-
Target
c9c937d7791010e40713bf9c7812a532.zip
-
Size
315KB
-
MD5
80a607383b49efd359052cf5a76846f5
-
SHA1
f95bb73edce6d9a830433714b92f21ca1d10c29f
-
SHA256
0c9bb87d9303848373cb387f1705357eef700cdeb900ffee0cbd997a29efa7ae
-
SHA512
ff7aa88f54db672652dad19b85a47bfab858120d5161a4842c53fe495414893ca8e564691700a884f9625993a19fd356d67d06af5dae8659834c80e1a6abbdcd
-
SSDEEP
6144:dsfQIfFPGcfyx9KLsr05nRbn6i7X4YnVrx/UoL1485r5:dWQIfwc/dPbn6+oYP8wV
Malware Config
Signatures
-
resource yara_rule static1/unpack001/43b21e60d088a3eba1b23f5aac9deb39d86f27a819a2e179a7edbdfd407264af family_phoenixstealer -
Panda Stealer payload 1 IoCs
resource yara_rule static1/unpack001/43b21e60d088a3eba1b23f5aac9deb39d86f27a819a2e179a7edbdfd407264af family_pandastealer -
Pandastealer family
-
Phoenixstealer family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/43b21e60d088a3eba1b23f5aac9deb39d86f27a819a2e179a7edbdfd407264af
Files
-
c9c937d7791010e40713bf9c7812a532.zip.zip
Password: infected
-
43b21e60d088a3eba1b23f5aac9deb39d86f27a819a2e179a7edbdfd407264af.exe windows:6 windows x86 arch:x86
Password: infected
06c6e92acd3ff57b00b3132976b3f6d6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
MultiByteToWideChar
Sleep
GetTempPathA
GetLastError
GetFileAttributesA
CreateFileA
LoadLibraryA
GetVersionExA
DeleteFileA
DeleteFileW
CloseHandle
LoadLibraryW
UnlockFile
GetProcAddress
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetModuleFileNameA
SetWaitableTimer
TlsSetValue
VerifyVersionInfoA
HeapFree
SetLastError
VirtualAlloc
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
InitializeCriticalSectionEx
CreateMutexA
WaitForSingleObject
LocalAlloc
ReleaseMutex
UnmapViewOfFile
GetModuleHandleA
GetFileAttributesW
HeapSize
SetCurrentDirectoryA
PostQueuedCompletionStatus
CreateToolhelp32Snapshot
CreateEventW
GetFileInformationByHandle
QueryFullProcessImageNameA
SetEvent
FileTimeToSystemTime
TerminateThread
TlsAlloc
GlobalAlloc
Process32Next
GlobalFree
HeapReAlloc
RaiseException
HeapAlloc
QueueUserAPC
GetLocalTime
DecodePointer
GlobalLock
CreateFileMappingA
LocalFree
VerSetConditionMask
GetProcessHeap
SystemTimeToFileTime
SleepEx
TlsGetValue
TlsFree
MapViewOfFile
CreateIoCompletionPort
GlobalUnlock
ReadConsoleW
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
GetFileSizeEx
CreateFileW
GetTempPathW
SetEndOfFile
GetFullPathNameA
SetFilePointer
AreFileApisANSI
InitializeCriticalSection
LeaveCriticalSection
LockFile
GetCurrentThreadId
WriteFile
GetFullPathNameW
EnterCriticalSection
ReadFile
OpenProcess
GetConsoleMode
GetConsoleOutputCP
SetStdHandle
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCPInfo
GetCommandLineW
GetCommandLineA
GetStdHandle
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetCurrentDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFileInformationByHandle
SetFilePointerEx
GetFileInformationByHandleEx
OutputDebugStringW
RtlUnwind
EncodePointer
LoadLibraryExW
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
WriteConsoleW
user32
GetKeyState
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
ReleaseDC
OpenClipboard
GetDesktopWindow
gdi32
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetDIBits
GetDeviceCaps
GetObjectW
CreateDCA
StretchBlt
advapi32
RegGetValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
shell32
SHGetFolderPathA
ws2_32
htons
getsockopt
setsockopt
WSAGetLastError
connect
WSAStartup
WSASocketW
WSAStringToAddressW
htonl
WSASetLastError
ntohl
select
WSASend
closesocket
WSACleanup
ioctlsocket
Sections
.text Size: 450KB - Virtual size: 450KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 73KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ