pandastealer | 6db345ff7f370b0785a5ce1a0f3e8d9b2a8d8fb6a236d29744c87749868adc50 | Triage

Sharing

General

Target

852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118
Size

6.7MB
Sample

241102-neg3ksvqgk
MD5

852b1c668870b9e64ac7c23d5d75ee9e
SHA1

28b2571d9d3585552480607a95e9dd242b96a766
SHA256

6db345ff7f370b0785a5ce1a0f3e8d9b2a8d8fb6a236d29744c87749868adc50
SHA512

e375078ad47ef25612e81051dd366f23db30534e7743a9b5b708a58a3b5086521d5c0c5d7a1998d7c9196e18adfc51777a2ff824dde61983149dbc0e2c112588
SSDEEP

196608:D7q7IsFwqyNah8zqpati6Kf5rnVQ1V85Ej:DzmU68maV4Rne85q

Score

10^/10

pandastealer discovery stealer

Malware Config

Targets

- Target
  
  852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118
- Size
  
  6.7MB
- MD5
  
  852b1c668870b9e64ac7c23d5d75ee9e
- SHA1
  
  28b2571d9d3585552480607a95e9dd242b96a766
- SHA256
  
  6db345ff7f370b0785a5ce1a0f3e8d9b2a8d8fb6a236d29744c87749868adc50
- SHA512
  
  e375078ad47ef25612e81051dd366f23db30534e7743a9b5b708a58a3b5086521d5c0c5d7a1998d7c9196e18adfc51777a2ff824dde61983149dbc0e2c112588
- SSDEEP
  
  196608:D7q7IsFwqyNah8zqpati6Kf5rnVQ1V85Ej:DzmU68maV4Rne85q
Score

10^/10

pandastealer discovery stealer
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Pandastealer family
  pandastealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  18KB
- MD5
  
  02d7f5e5dd1512bee2343a21d9970eba
- SHA1
  
  382abcdc03c3a0990d4482427bff757a8c5b8796
- SHA256
  
  e203bd2042cc75d229cfa18d2862c4c90754b8de1361fd4b65aef808076f5a27
- SHA512
  
  681908f5c9075e5b18862ac3a52e07c8c1e0a7412c54ee6d5a765f72ab7d7d19e3b67fe9ef59279cfb0b77e042277e7b06a6bec788198977415407d520340706
- SSDEEP
  
  384:Hzdp+8vYqh+KhpR3+OftfWdrierxIwAWguQhxtzUl2x5fTz:HzdhvYqh+KNNVSierywAWTwOlYtTz
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/OCSetupHlp.dll
- Size
  
  438KB
- MD5
  
  b5ec60121dee1a742202d32089dfbdac
- SHA1
  
  3a03722c994f0fdaf69eb07db7c93502ee99dc72
- SHA256
  
  6b3483c1ab83ed1324cdcff141c96421c25fe1e1667f6d624861ce462778659e
- SHA512
  
  eb4cb4a587bd5449f6d36f96be1c2f79250fee50b9605fcf2ee074db3e2cd2e33fe35f56297d438b45106b1cd68d7de5995097609bacb18f94bed71df4d106f3
- SSDEEP
  
  6144:/Vhp3y+QqV5epuEAwXDf//3/rP/cqx7kMK9RdkXbRsSfFedkTmWBQFJd62WCvGi4:9ozXDf//3/D/15kM8sLFGUmWB6JdTG8o
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  959ea64598b9a3e494c00e8fa793be7e
- SHA1
  
  40f284a3b92c2f04b1038def79579d4b3d066ee0
- SHA256
  
  03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
- SHA512
  
  5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
- SSDEEP
  
  192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  f7b92b78f1a00a872c8a38f40afa7d65
- SHA1
  
  872522498f69ad49270190c74cf3af28862057f2
- SHA256
  
  2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e
- SHA512
  
  3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79
- SSDEEP
  
  192:y1zQhZDqlJcKISw99ioU3MSfwLF/+nhHUisdz:ozoZDGKYw9goWyFGBU7z
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $TEMP/pin.vbs
- Size
  
  1KB
- MD5
  
  2612f70262c6641cddd6ffb88b2bf118
- SHA1
  
  4564e41168323750afb07152d716582cc56ab83c
- SHA256
  
  6f97f4bd0f72b6af58dc05b06df7568330dca4e5cf9a8eda335fb28e975f54a7
- SHA512
  
  93bc0a85f17e4f2f06326904887a4b4e1c466609d9127efa9bfaaad0af04cd39ebe62608a7cdfb10b74d8280f866b3019fc139e69246eb19a3e5231b5cf75612
Score

1^/10
behavioral11 behavioral12
- Target
  
  CSMX.dll
- Size
  
  72KB
- MD5
  
  b6cfb690fe5997da0f07506c8982334f
- SHA1
  
  711182ef9a50748927cfac6aa5d1ad5efcb87db2
- SHA256
  
  571b72ffb844514cbb2d0d903929c56bd0b8f20c0fa0d3b6dadbfc6dc959f11c
- SHA512
  
  dd045a08d305e38ea5fe04759442531341b9d8977d077db803b1768811c2f17e7997d922187b733f22992723fef6ac3ec4481fd4497a90fd47cf4dc1e1a99777
- SSDEEP
  
  1536:5KhiggI4wvo1Aq9cBTEEob2oulvyYock5:5KhhgI4wvyAvt0Whock
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Esdll.dll
- Size
  
  396KB
- MD5
  
  e7cf8ddd9941ba6e08e212d91759b174
- SHA1
  
  c6aa8e0fc0edef731f338422e122ceca00a0969d
- SHA256
  
  a012917b4567830f38b557f7466bf4a9a6b8af74f34bb7d336edefb1c93f3b09
- SHA512
  
  9d492cf1ff2d56ad66a200436eef15c8598d08130ed6735eede546b42659b951b4f3a11264876b46e5f637b9b37d7ee4f974e80be327e35072068394e9352956
- SSDEEP
  
  6144:Ds4753v/TKFs2BQ9lL+2Spp3vjteaheqajv+wQzy:Ds4753v/TKFs2BQ9lLHSpp/jttUWwQy
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  IVMSource.ax
- Size
  
  216KB
- MD5
  
  261ceeafb613f8ae1ec96814a0a4ed8f
- SHA1
  
  a6c16e93f48c7381708496dc718ea32debff445f
- SHA256
  
  6f73f81f6f50b533b2ae1111ad78ebc3600d41947012cfc0adbe9f790ac0c0fe
- SHA512
  
  a524b254c5c8833d0423d934dbb498fef5734aa42152b361bd0d1c345377224b9549a45027ddbea93918883a0e7601c9544407f0b17f93c45ef41fcc099110a5
- SSDEEP
  
  3072:sIIzd882eINJu9SSk3yOioUWgjaDt1x0QHYjFzVx0Z/LyyK9FRt8tThhiBhMThZ9:d6SSk3Hw8YZzVIzhrMBksIgFHg62
Score

5^/10

discovery
- Drops file in System32 directory
behavioral17 behavioral18
- Target
  
  OpenCandy/OCSetupHlp.dll
- Size
  
  438KB
- MD5
  
  b5ec60121dee1a742202d32089dfbdac
- SHA1
  
  3a03722c994f0fdaf69eb07db7c93502ee99dc72
- SHA256
  
  6b3483c1ab83ed1324cdcff141c96421c25fe1e1667f6d624861ce462778659e
- SHA512
  
  eb4cb4a587bd5449f6d36f96be1c2f79250fee50b9605fcf2ee074db3e2cd2e33fe35f56297d438b45106b1cd68d7de5995097609bacb18f94bed71df4d106f3
- SSDEEP
  
  6144:/Vhp3y+QqV5epuEAwXDf//3/rP/cqx7kMK9RdkXbRsSfFedkTmWBQFJd62WCvGi4:9ozXDf//3/D/15kM8sLFGUmWB6JdTG8o
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral19 behavioral20
- Target
  
  PmpSplitter.ax
- Size
  
  236KB
- MD5
  
  dc1defde4f0b51bd17332586d0962786
- SHA1
  
  06a6da68883b7ef5f515f9df9d58004b502d15bb
- SHA256
  
  fc4d9fbdfebec64d2d7207ceba6fec4ad8ec2b210ee07775577d4435ea5ad8e5
- SHA512
  
  01fd15256abd24deb758e6007bef77184fad94e945192dd650d9b01798ed974675b60d818f2d570fda9b2a8c6f27d1ab2d38b342a464613079adfa34a2b4f83b
- SSDEEP
  
  6144:kOKxw3fICwnQQABCZs04tq4t+9U0P2N4:Rgn7FZswTON4
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  RadGtSplitter.ax
- Size
  
  288KB
- MD5
  
  7668248c3101e6cca0b88fc9ea99f6a3
- SHA1
  
  161c786cfb89fde589a5fa0c79ad2986541e3fc9
- SHA256
  
  7d6eeea0a3d1bdaf6d5e2bd13916836121026a6e37da2474296a8bcbbe538677
- SHA512
  
  94e7d68824c4e4ce1f58d909ee9906725cc27d70f03a52708fb6c1e9f797dda475609d4cf2f5907029a7aae535946e5caca2a73b7c58def126f1d1845a428ca1
- SSDEEP
  
  3072:whNH3BilrDE4LN+XZsFk5286zoSu+KEK8I1I15ePDMtcsWD47MKOEs9U2UHBlp9q:zPE4Uc3ESlK/1I1MAk47Mt9m9ztOH
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  binkw32.dll
- Size
  
  367KB
- MD5
  
  002cdf612509807b33e4ab09c686a966
- SHA1
  
  73a2ee8ec4c074b6a5c5485c615ee7ce230137e0
- SHA256
  
  2d0ae23a6175dc7b635c402a5e7e9542e923c0d1c376a8c5ef876ca0d5959d23
- SHA512
  
  e6d1c3f5e33ff8fc56b4798a6155ae76411ba9a234bea599338b7af424051943b1a2e666baa6935975df3d0354ba435962d1281b88b1ea17a77b1fbeb2cecca2
- SSDEEP
  
  6144:kkTBPP62N/OS8+YTT9rlgVNgkw7rJRddRuE4dMDVYxfTiolohXdkoS3RqcS4mIgs:kklWl5VrlgVNgkw7rJRddRuE4dMDVYxv
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  csfcodec/ijl15.dll
- Size
  
  364KB
- MD5
  
  1aa06c81a0621e277e755b965b5e4b5f
- SHA1
  
  4a6f2a8cb383192c80ee0b2c1deee3c795a0986a
- SHA256
  
  334aa12f7dee453d1c6cb1b661a3bb3494d3e4cc9c2ff3f9002064c78404e43a
- SHA512
  
  49a8ab45b176667c4dd69f86abe7c608cfa8f37af14f6326a2d56553adef08d9a416e79bf31a06e59653a487df539dc6aefa6ddedad0042477aea89bb215e9c7
- SSDEEP
  
  3072:Ym5/JSmfd23YsND6QbiLw3tJ30N44nZutjC6++h2NStogI5xF+iX9ZaPqCK0QaL:Y2sND6Qbi3NetW6++h2NSjPRKZASYLu
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  csfcodec/mpc_mcucltu.dll
- Size
  
  124KB
- MD5
  
  1aafc350fcc3dd779318b35a28da2dfc
- SHA1
  
  551ec6829b85ec06a8eed31514ae2c546ac89edb
- SHA256
  
  a8b3302278d43c5530569a7328d9466f4d3c2f09dddc2aa9edef7a243f7c7151
- SHA512
  
  43eff2803061121aef477ad313e9dcdddec1cae7bbafb70b9737f7a82cfc045a0fd0c52923f77b580fec82c7e23a35ba98116819500a4111b9712d4ed9d36ddf
- SSDEEP
  
  1536:1zdQQeaqEX5JtfEbac/de6UipX19J9gwagN0zMHx1QV9lp3Z1:FqaRXWlGipXz3szMHx+V9lp3L
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  csfcodec/mpc_mcufilecu.dll
- Size
  
  92KB
- MD5
  
  ebc40e6239ac8f4f540707ee091dd30b
- SHA1
  
  2f830b951a68ce9700ef7a47fa2d3be9db285643
- SHA256
  
  2e551151c3fc7dc88a462f46bad62d8e2022ab6a7b3250da0eaa1d1bad81e1f3
- SHA512
  
  891016940c2ba93fde6b78101c661dd70534c462183da6776873d8b08351431e76d60ab70b84d82e11b98ec6d7e5c6f8b25c421408187331b4346ef85c0dd351
- SSDEEP
  
  1536:BRXoPAI/8ETdo2vH31ihB8uu8HCLOUXw5XZkwQwuFnsFjFUJipl6hh/llE+De:XXnI/8ETdtvHliLDcLw5aeXUJipl6D/e
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

pandastealerdiscoverystealer

behavioral2

pandastealerdiscoverystealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32