pandastealer | be27bc8a9dab3b415bbc9bd1aec4d36b1a1cecc1e2d9fa298c87281479d7ef82 | Triage

Sharing

General

Target

be27bc8a9dab3b415bbc9bd1aec4d36b1a1cecc1e2d9fa298c87281479d7ef82N
Size

3.2MB
Sample

241021-qzmvnsxfnm
MD5

5256b4591f38e362966bf251ae756da0
SHA1

65c90a1a336dd3e1711aad8a7a4f763a14ac4eee
SHA256

be27bc8a9dab3b415bbc9bd1aec4d36b1a1cecc1e2d9fa298c87281479d7ef82
SHA512

731b263ce7cc6fb94419d909cd207bcf346986f4dafc879766f5a7821b8f044bf76dc128dfee22b63f382f7f5627711a507faf8c2daf7d324e3c49250e9579c9
SSDEEP

98304:FV2NcsQ02VEnzsa9e0KugO2vdwSsKHqMvJ:FVicsz2V5gbgO2vdw1TQJ

Score

10^/10

pandastealer discovery stealer

Malware Config

Targets

- Target
  
  be27bc8a9dab3b415bbc9bd1aec4d36b1a1cecc1e2d9fa298c87281479d7ef82N
- Size
  
  3.2MB
- MD5
  
  5256b4591f38e362966bf251ae756da0
- SHA1
  
  65c90a1a336dd3e1711aad8a7a4f763a14ac4eee
- SHA256
  
  be27bc8a9dab3b415bbc9bd1aec4d36b1a1cecc1e2d9fa298c87281479d7ef82
- SHA512
  
  731b263ce7cc6fb94419d909cd207bcf346986f4dafc879766f5a7821b8f044bf76dc128dfee22b63f382f7f5627711a507faf8c2daf7d324e3c49250e9579c9
- SSDEEP
  
  98304:FV2NcsQ02VEnzsa9e0KugO2vdwSsKHqMvJ:FVicsz2V5gbgO2vdw1TQJ
Score

10^/10

pandastealer discovery stealer
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

pandastealerdiscoverystealer

behavioral2

pandastealerdiscoverystealer