pandastealer | da506fa70f7953e840f3eba28faf557a2038e0b3d0a5105a0ebe3434ee5e9e61 | Triage

Submit
Reports

Overview

overview

Static

static

1

adobe-air-...-3.exe

windows7-x64

Sharing

General

Target

adobe-air-51-1-1-3.exe
Size

5.9MB
Sample

241225-xlkayssqfv
MD5

34dba7939065022ad74458acbae28abd
SHA1

5f4e6e7cc0f2970068ff1c05189a8dc6881b8d33
SHA256

da506fa70f7953e840f3eba28faf557a2038e0b3d0a5105a0ebe3434ee5e9e61
SHA512

6271f67b486c7273fd391e4379f987fcce3042947909e97d05290d04469588a94bd501685f686037a400b788d6693e73f7d7799069c772b80da9556322c6cc79
SSDEEP

98304:FOB7drLD5C522D5K6O6DWT9dCrVodEdhIW5LkrNcBByeTTC3qdqH2pjin6uYRjUI:gB7drxU22DJVAbAeOIyBBNiKqMbZUI

Score

10^/10

pandastealer discovery persistence phishing privilege_escalation stealer

Static task

static1

Behavioral task

behavioral1

Sample

adobe-air-51-1-1-3.exe

Resource

win7-20240903-en

pandastealer discovery persistence phishing privilege_escalation stealer

windows7-x64

37 signatures

900 seconds

Malware Config

Targets

- Target
  
  adobe-air-51-1-1-3.exe
- Size
  
  5.9MB
- MD5
  
  34dba7939065022ad74458acbae28abd
- SHA1
  
  5f4e6e7cc0f2970068ff1c05189a8dc6881b8d33
- SHA256
  
  da506fa70f7953e840f3eba28faf557a2038e0b3d0a5105a0ebe3434ee5e9e61
- SHA512
  
  6271f67b486c7273fd391e4379f987fcce3042947909e97d05290d04469588a94bd501685f686037a400b788d6693e73f7d7799069c772b80da9556322c6cc79
- SSDEEP
  
  98304:FOB7drLD5C522D5K6O6DWT9dCrVodEdhIW5LkrNcBByeTTC3qdqH2pjin6uYRjUI:gB7drxU22DJVAbAeOIyBBNiKqMbZUI
Score

10^/10

pandastealer discovery persistence phishing privilege_escalation stealer
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Pandastealer family
  pandastealer
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Blocklisted process makes network request
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

pandastealerdiscoverypersistencephishingprivilege_escalationstealer

© 2018-2024

Terms | Privacy