pandastealer | cebe0841efbcee04c09bf7cf10d8c6d7e963fc903e31e11cb8a1dd5ea1074c32 | Triage

Submit
Reports

Overview

overview

Static

static

3

eb0c26613c...18.exe

windows7-x64

eb0c26613c...18.exe

windows10-2004-x64

Sharing

General

Target

eb0c26613cb4b34284dd9b936e59db28_JaffaCakes118
Size

1.6MB
Sample

240919-lhvfza1fre
MD5

eb0c26613cb4b34284dd9b936e59db28
SHA1

5f1352d01de3b097a8c1a600eb0a089c0223ec9e
SHA256

cebe0841efbcee04c09bf7cf10d8c6d7e963fc903e31e11cb8a1dd5ea1074c32
SHA512

6cd3856fc1cad1edb79a054545061e3890fe0454cfbcdcd98775edf74a7cdf5249293fd345a1b8a4231f971134ab0f0bdb1679cc27cd569b0dc089575aca33c8
SSDEEP

24576:pwNEw5EbIBqVFxmXmduv/M1NwD0gyeIeYu4D/264ChbFD79u5w:n0qcXmG/MDY0SA+BCL79

Score

10^/10

pandastealer credential_access discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

eb0c26613cb4b34284dd9b936e59db28_JaffaCakes118.exe

Resource

win7-20240903-en

pandastealer credential_access discovery stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

eb0c26613cb4b34284dd9b936e59db28_JaffaCakes118.exe

Resource

win10v2004-20240802-en

pandastealer credential_access discovery stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  eb0c26613cb4b34284dd9b936e59db28_JaffaCakes118
- Size
  
  1.6MB
- MD5
  
  eb0c26613cb4b34284dd9b936e59db28
- SHA1
  
  5f1352d01de3b097a8c1a600eb0a089c0223ec9e
- SHA256
  
  cebe0841efbcee04c09bf7cf10d8c6d7e963fc903e31e11cb8a1dd5ea1074c32
- SHA512
  
  6cd3856fc1cad1edb79a054545061e3890fe0454cfbcdcd98775edf74a7cdf5249293fd345a1b8a4231f971134ab0f0bdb1679cc27cd569b0dc089575aca33c8
- SSDEEP
  
  24576:pwNEw5EbIBqVFxmXmduv/M1NwD0gyeIeYu4D/264ChbFD79u5w:n0qcXmG/MDY0SA+BCL79
Score

10^/10

pandastealer credential_access discovery stealer
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

pandastealercredential_accessdiscoverystealer

behavioral2

pandastealercredential_accessdiscoverystealer

© 2018-2024

Terms | Privacy