General
- Target: b3a402df4012df2d094004f103bdc219_JaffaCakes118
- Size: 3.9MB
- Sample: 241129-1e56maxmat
- MD5: b3a402df4012df2d094004f103bdc219
- SHA1: 88f6093dcc0e5401609e076c1b6ebfded0f77807
- SHA256: a8467de9492387559bc693b8430805aadb9761d4e3a708cb35e99544bdcfc0c7
- SHA512: 2dbfadc6faf5ec561c53e64fc3330e0a74a4e09db61624d25e76040076389a8dcaa47846b5da476d6c3f1fb0e932ee27d20b4813fdf5d09dff165be67f32d272
- SSDEEP: 98304:a3HuDURiLaNypLLlhSGYcrJFte0MEe0V3gkD:wwURi5Drdr7/V3Z
Static task
- static1
Behavioral task
- behavioral1
  Sample: b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task
- behavioral2
  Sample: b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: b3a402df4012df2d094004f103bdc219_JaffaCakes118
- Panda Stealer payload
- Pandastealer family
- Renames multiple (651) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
- Modifies Windows Firewall
- Drops startup file
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)