pandastealer

Sharing

Copy URL

Twitter E-mail

General

Target

63b3e17c72ad059f0071f0cb12c28026_JaffaCakes118
Size

13.9MB
Sample

241020-w5mdzstbjb
MD5

63b3e17c72ad059f0071f0cb12c28026
SHA1

16f4fda36d7f03e7fdd5b04763e3b5a13a3d988d
SHA256

1a5394a7c831183f93d8fb57e2639f4a19166ffc4e53d06a47bec6188046b9df
SHA512

52c5458e4d5ea4911b40c25cbd65ef9c4bca5bd48da79d74270474d4f6dbbcdba17fe0a5eed863126716dd68fd5fe7fa9ad89351c91d7da504a5df0e9b0c8f78
SSDEEP

393216:1YTtIlMfJ4qJ2KhxG+1R6iSQVBjw68BxnbkU7I:1vMOMDQ+z6iLfM68xnwU7I

Score

10^/10

Malware Config

Targets

- Target
  
  UMPTOOL V4.02_060725/Message.dll
- Size
  
  2.6MB
- MD5
  
  8e94611ea8b234c310d59ae76b39c25b
- SHA1
  
  85af5a0e327f16b9c67d565ac324c49e3ca23400
- SHA256
  
  b610e454c5637828e0f46e41ea7771ef2f242ffca89f44589d8857be7bb5eb61
- SHA512
  
  3a2240fdb35e865e108650d3b8fbc9c14b8291710cef3963d8f1fbdabf65596bc893def8e2bb348359eb718ff97107d241f3723d8cba944c7ff099566376974e
- SSDEEP
  
  49152:7x8UZsKA4FzRP2F9MakE7pN9so+/qpVrM6GD8Uoa:qosKZ/DEb9s3r8Uo
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  UMPTOOL V4.02_060725/UMPTool.exe
- Size
  
  1.9MB
- MD5
  
  286c1d33c13107a754b3d6418c2f82a0
- SHA1
  
  23fd752ef8ebff5e11a9f5dfbc6b579c12941dc3
- SHA256
  
  02ba2fb655d57ef15148e5481bec13a830bec891a049165713b09625b07629c6
- SHA512
  
  41e1d1c431d3cd6f80a3fc901d872602f4e122da83c2b1ce6d0cbe1d1f961c4d3c5d073063abb3bb61f846b66912541381347753c10628f8695f6d73db9cb14c
- SSDEEP
  
  24576:42ON6nES5X9hYbdG5frOl4B7dtsq8iWn3HOCVgBUjChESJhXY6lRdLGZ+C3WGA6J:RO65XIoMl02Hhg8C+O34NvT2flAZe5
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  AutoRun.exe
- Size
  
  309KB
- MD5
  
  b1b6f5cc4a0b1741fbbcbe59870c0408
- SHA1
  
  a340265c474e8a4fd17944f39ac5b0dd82e6efce
- SHA256
  
  01ab23b85fbfdb0e24f74c7d56f45e084075223badf15e1dc2a393643dafb3fd
- SHA512
  
  779ea1b7eacd1811442137a777d4df06cf094f2ea1720daff447c62b1c9f257e8fae2d3ade14a5f0e417e909521a213cc262771a72c7f3b188920a686aeaddc2
- SSDEEP
  
  6144:Cs73RmzXH6LUApL36gYZq0ugdoj3zFbb0FBq/bKjlAa1j/R/jASX:Vmz3HYLmIpgdoDJ0Fq2lR1RLASX
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  AutoSvr.exe
- Size
  
  28KB
- MD5
  
  6bdf4e29e3b054e9e4ca2ee41ac5854b
- SHA1
  
  77e3b2f1e8fa1faf25c32c0c98b023dab153e926
- SHA256
  
  6ad5b547f033a3bc1ea63558081983a965d1d09f8efc6c309dbba340e783d831
- SHA512
  
  4c696e028a16ea002e0e9ea1eef33ccf512380e9060233a7fb943cca16fc800b0938bea5be13461de49617e3bfe04c94492e15c0ee3e14c802c22f2036cda6ef
- SSDEEP
  
  192:0Z/gegLZ/gTC42m1zAuVEnyA3Qfo0DRa/jUp61oync7eQkK51KOzXJ:0Zo34TCnmSus8o/jUp61S7751TzXJ
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral7 behavioral8
- Target
  
  Loader.exe
- Size
  
  36KB
- MD5
  
  6622163d43a78bd366317503f39d94bb
- SHA1
  
  326396b74f133f57a7dcef88173661fdea381a98
- SHA256
  
  bd5360469b8626b95211a085d69a8fa2e668cdb726b328393664c33ed109e145
- SHA512
  
  28e3334f02d97e62b0a5d11ab718099f03d5a511105a4d24d6d49be5b4d786cbef2d8a1733a0d8aa1e06b4abc70546fc277f147b56a3e066c4f131ea986f9d9e
- SSDEEP
  
  384:rYRAK0LOSspxdHfj5NfZuShuuyu1b+rdkjAd1mVJcD1P:rYJOOtR73h3yu1EKcdicD
Score

10^/10

discovery pandastealer macro macro_on_action spyware stealer
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Office macro that triggers on suspicious action
  Office document macro which triggers in special circumstances - often malicious.
  macro macro_on_action
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral10 behavioral9
- Target
  
  PlayMedia.exe
- Size
  
  20KB
- MD5
  
  c1cec83c4e41a6697503a98f1fd87275
- SHA1
  
  1bc4de31f06ecb48844ddc9bcf28f750313d64d3
- SHA256
  
  a525371965e2cdb3723335472055a5ad16d494f1aa4a754b217387dcf4ec1c41
- SHA512
  
  3ba60244032d7a5ab3f938be9adea1663cefc75dc24f4de98bc5338a4b038106b46ce87cd7429566f60a62bd66305802e059bb0af0d2823a07627a9261685c6e
- SSDEEP
  
  96:5s2jK8EW9a6wypyGNBUDVfH7qwcTzfjsHeAmWsd1D90Wsd4Vtboyn6EO4XQKJh:5sWN9a6wy9C9MTPs+A4wd61oyn6EnX7
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  UMPTOOL V4.02_060725/pwd/Login.exe
- Size
  
  52KB
- MD5
  
  2e76c803a357ffbc5d6f3233d463e407
- SHA1
  
  cc181fe9842811587fd8beaf39adab408eecf0aa
- SHA256
  
  322eea4fcc5f2d4e6769ad5182c6ec477ef0acae0eeca32feaf2e8d4049ac4e1
- SHA512
  
  0b45ef7f568b4312075a3c21cd14d63bd1bdcd230e55322df4722057c269a8774ec116b99df0c9160324cde10f3352069f75aaf445e95d3560944df3f0c86383
- SSDEEP
  
  768:tSlLGxjpNmKgCtjR3KUj0rBU6VpYwvV/4zA8VzACq/:t31Nmn6j1pjufpZ9wDVS
Score

7^/10

discovery
- Executes dropped EXE
behavioral13 behavioral14
- Target
  
  UMPTOOLV4.02_060804_MLC专用/Message.dll
- Size
  
  2.6MB
- MD5
  
  c4fe71b61da48bd8667dab0065dccada
- SHA1
  
  d34f70ea3190c15a74a494ce00a02503b69fc324
- SHA256
  
  ed9c5f91546224e88411298255b640b4965860ac98c0e23a9c7f8690fac83241
- SHA512
  
  08871d0225b63f0a0af406e5dfa2ede893f216481e211042c45439cc5722bf611ca44dd8c7c0d6dc64fbe73d39ef622bdc16ead5f40574c78e0c5ce3c730bf7b
- SSDEEP
  
  49152:Jx8UZsKA4FzRP2F9MakE7pN9so+/qpVrM6OX8Uoa:4osKZ/DEb9s3H8Uo
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  UMPTOOLV4.02_060804_MLC专用/UMPTool.exe
- Size
  
  1.9MB
- MD5
  
  286c1d33c13107a754b3d6418c2f82a0
- SHA1
  
  23fd752ef8ebff5e11a9f5dfbc6b579c12941dc3
- SHA256
  
  02ba2fb655d57ef15148e5481bec13a830bec891a049165713b09625b07629c6
- SHA512
  
  41e1d1c431d3cd6f80a3fc901d872602f4e122da83c2b1ce6d0cbe1d1f961c4d3c5d073063abb3bb61f846b66912541381347753c10628f8695f6d73db9cb14c
- SSDEEP
  
  24576:42ON6nES5X9hYbdG5frOl4B7dtsq8iWn3HOCVgBUjChESJhXY6lRdLGZ+C3WGA6J:RO65XIoMl02Hhg8C+O34NvT2flAZe5
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  AutoRun.exe
- Size
  
  309KB
- MD5
  
  b1b6f5cc4a0b1741fbbcbe59870c0408
- SHA1
  
  a340265c474e8a4fd17944f39ac5b0dd82e6efce
- SHA256
  
  01ab23b85fbfdb0e24f74c7d56f45e084075223badf15e1dc2a393643dafb3fd
- SHA512
  
  779ea1b7eacd1811442137a777d4df06cf094f2ea1720daff447c62b1c9f257e8fae2d3ade14a5f0e417e909521a213cc262771a72c7f3b188920a686aeaddc2
- SSDEEP
  
  6144:Cs73RmzXH6LUApL36gYZq0ugdoj3zFbb0FBq/bKjlAa1j/R/jASX:Vmz3HYLmIpgdoDJ0Fq2lR1RLASX
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  AutoSvr.exe
- Size
  
  28KB
- MD5
  
  6bdf4e29e3b054e9e4ca2ee41ac5854b
- SHA1
  
  77e3b2f1e8fa1faf25c32c0c98b023dab153e926
- SHA256
  
  6ad5b547f033a3bc1ea63558081983a965d1d09f8efc6c309dbba340e783d831
- SHA512
  
  4c696e028a16ea002e0e9ea1eef33ccf512380e9060233a7fb943cca16fc800b0938bea5be13461de49617e3bfe04c94492e15c0ee3e14c802c22f2036cda6ef
- SSDEEP
  
  192:0Z/gegLZ/gTC42m1zAuVEnyA3Qfo0DRa/jUp61oync7eQkK51KOzXJ:0Zo34TCnmSus8o/jUp61S7751TzXJ
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral21 behavioral22
- Target
  
  Loader.exe
- Size
  
  36KB
- MD5
  
  6622163d43a78bd366317503f39d94bb
- SHA1
  
  326396b74f133f57a7dcef88173661fdea381a98
- SHA256
  
  bd5360469b8626b95211a085d69a8fa2e668cdb726b328393664c33ed109e145
- SHA512
  
  28e3334f02d97e62b0a5d11ab718099f03d5a511105a4d24d6d49be5b4d786cbef2d8a1733a0d8aa1e06b4abc70546fc277f147b56a3e066c4f131ea986f9d9e
- SSDEEP
  
  384:rYRAK0LOSspxdHfj5NfZuShuuyu1b+rdkjAd1mVJcD1P:rYJOOtR73h3yu1EKcdicD
Score

10^/10

pandastealer discovery macro macro_on_action spyware stealer
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Office macro that triggers on suspicious action
  Office document macro which triggers in special circumstances - often malicious.
  macro macro_on_action
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral23 behavioral24
- Target
  
  PlayMedia.exe
- Size
  
  20KB
- MD5
  
  c1cec83c4e41a6697503a98f1fd87275
- SHA1
  
  1bc4de31f06ecb48844ddc9bcf28f750313d64d3
- SHA256
  
  a525371965e2cdb3723335472055a5ad16d494f1aa4a754b217387dcf4ec1c41
- SHA512
  
  3ba60244032d7a5ab3f938be9adea1663cefc75dc24f4de98bc5338a4b038106b46ce87cd7429566f60a62bd66305802e059bb0af0d2823a07627a9261685c6e
- SSDEEP
  
  96:5s2jK8EW9a6wypyGNBUDVfH7qwcTzfjsHeAmWsd1D90Wsd4Vtboyn6EO4XQKJh:5sWN9a6wy9C9MTPs+A4wd61oyn6EnX7
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  UMPTOOLV4.02_060804_MLC专用/pwd/LoginTool.exe
- Size
  
  52KB
- MD5
  
  0280b5da0aafb774d513e88b542c9f44
- SHA1
  
  6ff2f6c9912f8c4276b3d44bfb104c8aaedd1d02
- SHA256
  
  8733dff2d86e3be95abee96fd92c429a7dc13619d227085e36b87c25a8cae745
- SHA512
  
  f3115d7d467f8bf44601246abc50b1887ecd557eb224120dd7252f40607ca419f39f22da534aaaa2b4be4dec5dfddf71e7b9c29941b8da3423585d23780de1af
- SSDEEP
  
  768:tfllltTl19mkUCtjR3KUj0rBU6VpYwrV/4zX/rEVgzACap:t7J19mF6j1pjufpZxwXEVgE
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  芯邦量产工具/西西软件.url
- Size
  
  81B
- MD5
  
  e4f41735a0e581409db59f69d760d0b2
- SHA1
  
  34cde2f7f048975ca9562db6f5d2c7d472bb2118
- SHA256
  
  35c4cd056728a76a20efb066c7313e389e23718039705d030f966e079d005fe6
- SHA512
  
  49781a304efe5150db4ce25deae589183fbaecdb9d07e5478a20581c5f2f0d401f44c10a9f126b7dc32df653f9d1d64d82c45643093c87e5c81eb92b7de44d94
Score

1^/10
behavioral29 behavioral30
- Target
  
  量产工具1027/CBM2080_Flash_Support_list_060925.pdf
- Size
  
  147KB
- MD5
  
  8745801b426fdc62241ea32863290ca3
- SHA1
  
  1f3453097e004fe0150541f6e2773352ed08c978
- SHA256
  
  23db3917b6fa0c076a5603c91978f1f940c3976b5ecf7071a64828f97145e7e3
- SHA512
  
  07aaa82222af4c21650e786ed1ca6836bd54c8c1b7586999f3dec814702b508d04206c91ea818f30abc300a8edc704a2f4a3e4fb053f4c3ba8fd3342eb0d7bb5
- SSDEEP
  
  3072:DqJOE+OycJTxcWLRduK/XYe2dBsHPNXjOAXB/TCUJx17MN1/n8ljmRKyV+:DRE+OycjckIeescy/TCso1EloY
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Adds Run key to start application

Enumerates connected drives

Panda Stealer payload

Office macro that triggers on suspicious action

Reads user/profile data of web browsers

Drops desktop.ini file(s)

Executes dropped EXE

Adds Run key to start application

Enumerates connected drives

Panda Stealer payload

PandaStealer

Office macro that triggers on suspicious action

Reads user/profile data of web browsers

Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32