pandastealer | f53aceec2dd2323f9ef02ba077f140f2c968762bde3e6c19be892ad09697f3cc

Analysis

max time kernel
98s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2024 08:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bca11b7e7f05b428e5d096fced90b03b_JaffaCakes118.exe
Size

18.7MB
MD5

bca11b7e7f05b428e5d096fced90b03b
SHA1

b869f828b7d521864de715cb56744ad164babe76
SHA256

f53aceec2dd2323f9ef02ba077f140f2c968762bde3e6c19be892ad09697f3cc
SHA512

e04b0b0d654f872ac507e49a4b2de8e499b779d1f96d5987ddcd303a135a96a6299c27a2bfafb58d53320138bda3cc07501621e7f60249a0c253764c399cb5d2
SSDEEP

393216:ivjySZ/p1nut7F1/huzwzvWFR97axO4HTEQkfF+qMPW08eN1Pki:ivGW1nuJF1ZOqOFR9gOwTUE1PW08ezki

Score

10^/10

pandastealer discovery stealer

Malware Config

Signatures

Panda Stealer payload 21 IoCs

resource	yara_rule
behavioral2/memory/1940-287-0x0000000000400000-0x0000000002CE0000-memory.dmp	family_pandastealer
behavioral2/memory/1940-292-0x0000000000400000-0x0000000002CE0000-memory.dmp	family_pandastealer
behavioral2/memory/1940-291-0x0000000000400000-0x0000000002CE0000-memory.dmp	family_pandastealer
behavioral2/memory/1940-300-0x0000000000400000-0x0000000002CE0000-memory.dmp	family_pandastealer
behavioral2/memory/1940-298-0x0000000000400000-0x0000000002CE0000-memory.dmp	family_pandastealer
behavioral2/memory/1940-297-0x0000000000400000-0x0000000002CE0000-memory.dmp	family_pandastealer
behavioral2/memory/1940-301-0x0000000000400000-0x0000000002CE0000-memory.dmp	family_pandastealer
behavioral2/memory/1940-305-0x0000000000400000-0x0000000002CE0000-memory.dmp	family_pandastealer
behavioral2/memory/1940-306-0x0000000000400000-0x0000000002CE0000-memory.dmp	family_pandastealer
behavioral2/memory/1940-312-0x0000000000400000-0x0000000002CE0000-memory.dmp	family_pandastealer
behavioral2/memory/1940-313-0x0000000000400000-0x0000000002CE0000-memory.dmp	family_pandastealer
behavioral2/memory/1940-316-0x0000000000400000-0x0000000002CE0000-memory.dmp	family_pandastealer
behavioral2/memory/1940-319-0x0000000000400000-0x0000000002CE0000-memory.dmp	family_pandastealer
behavioral2/memory/1940-317-0x0000000000400000-0x0000000002CE0000-memory.dmp	family_pandastealer
behavioral2/memory/1940-320-0x0000000000400000-0x0000000002CE0000-memory.dmp	family_pandastealer
behavioral2/memory/1940-322-0x0000000000400000-0x0000000002CE0000-memory.dmp	family_pandastealer
behavioral2/memory/1940-323-0x0000000000400000-0x0000000002CE0000-memory.dmp	family_pandastealer
behavioral2/memory/1940-331-0x0000000000400000-0x0000000002CE0000-memory.dmp	family_pandastealer
behavioral2/memory/1940-342-0x0000000000400000-0x0000000002CE0000-memory.dmp	family_pandastealer
behavioral2/memory/1940-332-0x0000000000400000-0x0000000002CE0000-memory.dmp	family_pandastealer
behavioral2/memory/1940-617-0x0000000000400000-0x0000000002CE0000-memory.dmp	family_pandastealer

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer
Pandastealer family
pandastealer

Loads dropped DLL 1 IoCs

pid	Process
1940	bca11b7e7f05b428e5d096fced90b03b_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bca11b7e7f05b428e5d096fced90b03b_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1940	bca11b7e7f05b428e5d096fced90b03b_JaffaCakes118.exe
1940	bca11b7e7f05b428e5d096fced90b03b_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\bca11b7e7f05b428e5d096fced90b03b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bca11b7e7f05b428e5d096fced90b03b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CDIResData\CDIRes.dll

Filesize
1.7MB

MD5
2adaa6733c5cf480d52824b977772dbe

SHA1
88b4dd86e812c0327e9cc8ea6344af0b91cf6a74

SHA256
498aef2e80850094b09578cc54ce0a4a79d8881229c28ba5ab4c888eacb71c71

SHA512
0e27bf90bb9f467e94dd8eb76131ae29049de9df8f3070446053d2164d1d7f2b9b41474b27349489e126365e9c34850d9a42c4fad0f63b23ad46f075a8d6d579

Download Submit
C:\Users\Admin\AppData\Local\Temp\Script.ini

Filesize
3KB

MD5
00ce10a19fdfa5b5cfba4f5d8e371683

SHA1
f23998163617df6f42a0c3ea730cbbb869cfc410

SHA256
046b66aed0f0673433cf4ac68003488245eac2748b402f1f4b062fabc2d34af5

SHA512
cfb914f7dc56ba4d8eab964b975211bf8eb7d6a640d28885e7f90438a5cd70a3dc6a2616187c0bdea59a580ff5680dec36239e620a1f0acc4d3ba296267deae1

Download Submit
memory/1940-1-0x0000000002E80000-0x0000000002E82000-memory.dmp

Filesize
8KB

Download
memory/1940-0-0x0000000000400000-0x0000000002CE0000-memory.dmp

Filesize
40.9MB

Download
memory/1940-289-0x0000000075640000-0x00000000756BA000-memory.dmp

Filesize
488KB

Download
memory/1940-288-0x0000000076670000-0x00000000766EA000-memory.dmp

Filesize
488KB

Download
memory/1940-290-0x0000000010000000-0x00000000101C0000-memory.dmp

Filesize
1.8MB

Download
memory/1940-296-0x0000000010000000-0x00000000101C0000-memory.dmp

Filesize
1.8MB

Download
memory/1940-287-0x0000000000400000-0x0000000002CE0000-memory.dmp

Filesize
40.9MB

Download
memory/1940-295-0x0000000075640000-0x00000000756BA000-memory.dmp

Filesize
488KB

Download
memory/1940-299-0x0000000076670000-0x00000000766EA000-memory.dmp

Filesize
488KB

Download
memory/1940-292-0x0000000000400000-0x0000000002CE0000-memory.dmp

Filesize
40.9MB

Download
memory/1940-291-0x0000000000400000-0x0000000002CE0000-memory.dmp

Filesize
40.9MB

Download
memory/1940-294-0x0000000075780000-0x00000000757AC000-memory.dmp

Filesize
176KB

Download
memory/1940-293-0x0000000076670000-0x00000000766EA000-memory.dmp

Filesize
488KB

Download
memory/1940-302-0x0000000076670000-0x00000000766EA000-memory.dmp

Filesize
488KB

Download
memory/1940-303-0x0000000075780000-0x00000000757AC000-memory.dmp

Filesize
176KB

Download
memory/1940-304-0x0000000076EF0000-0x0000000076F15000-memory.dmp

Filesize
148KB

Download
memory/1940-300-0x0000000000400000-0x0000000002CE0000-memory.dmp

Filesize
40.9MB

Download
memory/1940-298-0x0000000000400000-0x0000000002CE0000-memory.dmp

Filesize
40.9MB

Download
memory/1940-297-0x0000000000400000-0x0000000002CE0000-memory.dmp

Filesize
40.9MB

Download
memory/1940-309-0x0000000076EF0000-0x0000000076F15000-memory.dmp

Filesize
148KB

Download
memory/1940-308-0x0000000075780000-0x00000000757AC000-memory.dmp

Filesize
176KB

Download
memory/1940-307-0x0000000076670000-0x00000000766EA000-memory.dmp

Filesize
488KB

Download
memory/1940-301-0x0000000000400000-0x0000000002CE0000-memory.dmp

Filesize
40.9MB

Download
memory/1940-305-0x0000000000400000-0x0000000002CE0000-memory.dmp

Filesize
40.9MB

Download
memory/1940-306-0x0000000000400000-0x0000000002CE0000-memory.dmp

Filesize
40.9MB

Download
memory/1940-311-0x0000000010000000-0x00000000101C0000-memory.dmp

Filesize
1.8MB

Download
memory/1940-310-0x0000000075640000-0x00000000756BA000-memory.dmp

Filesize
488KB

Download
memory/1940-315-0x0000000010000000-0x00000000101C0000-memory.dmp

Filesize
1.8MB

Download
memory/1940-312-0x0000000000400000-0x0000000002CE0000-memory.dmp

Filesize
40.9MB

Download
memory/1940-314-0x0000000075640000-0x00000000756BA000-memory.dmp

Filesize
488KB

Download
memory/1940-313-0x0000000000400000-0x0000000002CE0000-memory.dmp

Filesize
40.9MB

Download
memory/1940-316-0x0000000000400000-0x0000000002CE0000-memory.dmp

Filesize
40.9MB

Download
memory/1940-318-0x0000000076EF0000-0x0000000076F15000-memory.dmp

Filesize
148KB

Download
memory/1940-319-0x0000000000400000-0x0000000002CE0000-memory.dmp

Filesize
40.9MB

Download
memory/1940-321-0x0000000075640000-0x00000000756BA000-memory.dmp

Filesize
488KB

Download
memory/1940-317-0x0000000000400000-0x0000000002CE0000-memory.dmp

Filesize
40.9MB

Download
memory/1940-320-0x0000000000400000-0x0000000002CE0000-memory.dmp

Filesize
40.9MB

Download
memory/1940-324-0x00000000762A0000-0x000000007634F000-memory.dmp

Filesize
700KB

Download
memory/1940-322-0x0000000000400000-0x0000000002CE0000-memory.dmp

Filesize
40.9MB

Download
memory/1940-323-0x0000000000400000-0x0000000002CE0000-memory.dmp

Filesize
40.9MB

Download
memory/1940-325-0x0000000077190000-0x0000000077743000-memory.dmp

Filesize
5.7MB

Download
memory/1940-330-0x0000000010000000-0x00000000101C0000-memory.dmp

Filesize
1.8MB

Download
memory/1940-329-0x0000000075640000-0x00000000756BA000-memory.dmp

Filesize
488KB

Download
memory/1940-328-0x0000000075780000-0x00000000757AC000-memory.dmp

Filesize
176KB

Download
memory/1940-327-0x0000000076020000-0x0000000076103000-memory.dmp

Filesize
908KB

Download
memory/1940-334-0x00000000762A0000-0x000000007634F000-memory.dmp

Filesize
700KB

Download
memory/1940-326-0x0000000075830000-0x0000000075A40000-memory.dmp

Filesize
2.1MB

Download
memory/1940-335-0x0000000077190000-0x0000000077743000-memory.dmp

Filesize
5.7MB

Download
memory/1940-331-0x0000000000400000-0x0000000002CE0000-memory.dmp

Filesize
40.9MB

Download
memory/1940-341-0x0000000010000000-0x00000000101C0000-memory.dmp

Filesize
1.8MB

Download
memory/1940-344-0x00000000762A0000-0x000000007634F000-memory.dmp

Filesize
700KB

Download
memory/1940-348-0x0000000010000000-0x00000000101C0000-memory.dmp

Filesize
1.8MB

Download
memory/1940-342-0x0000000000400000-0x0000000002CE0000-memory.dmp

Filesize
40.9MB

Download
memory/1940-347-0x0000000075700000-0x0000000075774000-memory.dmp

Filesize
464KB

Download
memory/1940-351-0x00000000762A0000-0x000000007634F000-memory.dmp

Filesize
700KB

Download
memory/1940-354-0x0000000075700000-0x0000000075774000-memory.dmp

Filesize
464KB

Download
memory/1940-353-0x0000000075830000-0x0000000075A40000-memory.dmp

Filesize
2.1MB

Download
memory/1940-346-0x0000000075830000-0x0000000075A40000-memory.dmp

Filesize
2.1MB

Download
memory/1940-345-0x0000000077190000-0x0000000077743000-memory.dmp

Filesize
5.7MB

Download
memory/1940-332-0x0000000000400000-0x0000000002CE0000-memory.dmp

Filesize
40.9MB

Download
memory/1940-340-0x0000000075640000-0x00000000756BA000-memory.dmp

Filesize
488KB

Download
memory/1940-339-0x0000000075700000-0x0000000075774000-memory.dmp

Filesize
464KB

Download
memory/1940-338-0x0000000075780000-0x00000000757AC000-memory.dmp

Filesize
176KB

Download
memory/1940-337-0x0000000076020000-0x0000000076103000-memory.dmp

Filesize
908KB

Download
memory/1940-336-0x0000000075830000-0x0000000075A40000-memory.dmp

Filesize
2.1MB

Download
memory/1940-333-0x0000000075B90000-0x0000000075C6C000-memory.dmp

Filesize
880KB

Download
memory/1940-457-0x0000000002E80000-0x0000000002E82000-memory.dmp

Filesize
8KB

Download
memory/1940-617-0x0000000000400000-0x0000000002CE0000-memory.dmp

Filesize
40.9MB

Download