pandastealer

Sharing

Copy URL

Twitter E-mail

General

Target

672dd0c0b851ef59e073ba4aa2a5211c9546679b22788d1d117339b28b8d528b.exe
Size

8.8MB
Sample

241201-1f1mjaxpcr
MD5

823389e6b696377bca1922f6eff200ad
SHA1

e292a7ecb3156e12dcacde7afb810b84afff6007
SHA256

672dd0c0b851ef59e073ba4aa2a5211c9546679b22788d1d117339b28b8d528b
SHA512

f5c4e9f09faa18e5bef6d3d0dc19ad6ceaaf47f842f3f52399c796153da1695ff94e69d5d54d6e18b1fda54a72b740c6e48e29148fc523f6a978b53c1529d30b
SSDEEP

196608:T1oRCm5gjvpKv1gJzwgs/vvZNijq97g00QCOsNjz0uHFtdMaKDk:T1oRCIg1Kvozwl/73vYrWaKI

Score

10^/10

Malware Config

Targets

- Target
  
  672dd0c0b851ef59e073ba4aa2a5211c9546679b22788d1d117339b28b8d528b.exe
- Size
  
  8.8MB
- MD5
  
  823389e6b696377bca1922f6eff200ad
- SHA1
  
  e292a7ecb3156e12dcacde7afb810b84afff6007
- SHA256
  
  672dd0c0b851ef59e073ba4aa2a5211c9546679b22788d1d117339b28b8d528b
- SHA512
  
  f5c4e9f09faa18e5bef6d3d0dc19ad6ceaaf47f842f3f52399c796153da1695ff94e69d5d54d6e18b1fda54a72b740c6e48e29148fc523f6a978b53c1529d30b
- SSDEEP
  
  196608:T1oRCm5gjvpKv1gJzwgs/vvZNijq97g00QCOsNjz0uHFtdMaKDk:T1oRCIg1Kvozwl/73vYrWaKI
Score

10^/10

pandastealer adware discovery evasion persistence privilege_escalation spyware stealer trojan
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Pandastealer family
  pandastealer
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Ping.dll
- Size
  
  64KB
- MD5
  
  b0e9ba9dab60cb7a9fd886dcf440cac3
- SHA1
  
  c416f6e9ba379feb9008c775d8456514444b66da
- SHA256
  
  52d52e5a1e1cec3e2db08555a8b2651f636cf76c6a24e32aa446595365cf193f
- SHA512
  
  90de38a7c57f59e8deb17c2473a215e2f052aee909a47ef37a88fefcfaeb5e6b54d462a39bcac4d0f1aa88d1806ba9e1237d0eeba98f7a0479bd6825e841f043
- SSDEEP
  
  768:1ORwNJ7zPmd4L2i/lZ9OIm+LAAgBL+LjZpZxkuS28sHL12/hYLwkOYqn2PEDupfq:1ORGPmd41tKBKZkZ2xHLYpswTcZL0
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/Registry.dll
- Size
  
  24KB
- MD5
  
  2b7007ed0262ca02ef69d8990815cbeb
- SHA1
  
  2eabe4f755213666dbbbde024a5235ddde02b47f
- SHA256
  
  0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d
- SHA512
  
  aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca
- SSDEEP
  
  384:W2mvyNjH3rPnAZ4wu2QbnC7qB7PnrvScaeYA4CIDEge/QqL2AQ:/75w/OfrzB4CUxuQfA
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Installer.exe
- Size
  
  10.2MB
- MD5
  
  564e47a3604ced3b7c18e43250226cd7
- SHA1
  
  a3eef8fac3617d048fb9fce2201937297e3920f1
- SHA256
  
  12ae00fe728b441221acd10483eeb1197884738e9bd6eb715ceadeea058c6c83
- SHA512
  
  e925e2a5b60c7257ac6b57b3fc12675d2cc490070c456a8e794f54c6732cc34981c0d88a5acfb2214fd316194f24eae83e8151cfab101daa2f1b59f2d621cdbf
- SSDEEP
  
  196608:NNCibAePytGr1MADU91h+RXs0yDiFqtpS8KNFVe1Pu5ZiqNJ:qZ6ytGriADU91h+WjDikm8KNkuziu
Score

8^/10

adware discovery evasion persistence privilege_escalation spyware stealer trojan
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral7 behavioral8