pandastealer | 4e6b554e797e097e3f9268538a84a0da76502427bb3c754119d112b7bf35a706 | Triage

Sharing

General

Target

JaffaCakes118_4e6b554e797e097e3f9268538a84a0da76502427bb3c754119d112b7bf35a706
Size

626KB
Sample

241226-125hlssphk
MD5

6fd10ec71a73ced51f5c1801eb5abc52
SHA1

bc5422ab38d9722a124c34fed97383fdda948100
SHA256

4e6b554e797e097e3f9268538a84a0da76502427bb3c754119d112b7bf35a706
SHA512

14364121557ae53689dc41dbad06b667182ee4458db8a71ea3eab26d4aeaa5d896d7f8831acf1d1551e77b4782f6f239f4f73cb2594a0718c25ebc920de4165c
SSDEEP

12288:SEmOsaR57q50GOgo4vCAIReX4WpUS6CLMzz22QJFNn5QAsj6x1:SEhr7quPd4vgRdLiMUJFNn5dxx1

Score

10^/10

pandastealer discovery evasion persistence privilege_escalation ransomware stealer

Malware Config

Targets

- Target
  
  svchost.exe
- Size
  
  1.3MB
- MD5
  
  3ccc217e67b60638a02934976b695bd9
- SHA1
  
  0ec3b404afc266ed5e03515938ba89c2c1e42ca7
- SHA256
  
  ebb1de9c01ee78a74c5da92901fc8f50c3c7013462cdcf002444595c9ca1f52e
- SHA512
  
  ba1fdca7b08272745a849c54c148210d2ddfc4990ed9342ea1ed53b9848d13bfb91a9e3731f9a45e4a310556f1727ce1b4c7ae98ebc751401a37177705f8a1e9
- SSDEEP
  
  24576:ESUg4wd1XQ/EFd6oQ7dWWCjm1bmitsxq6OYAw3A8ckOXJATVVMrzS2LnUMDIE:HU7wcIJjtAsw6F9xO03Mrm27UMDIE
Score

10^/10

pandastealer discovery evasion persistence privilege_escalation ransomware stealer
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Pandastealer family
  pandastealer
- Renames multiple (269) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Modifies Windows Firewall
  evasion
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

pandastealerdiscoveryevasionpersistenceprivilege_escalationransomwarestealer

behavioral2

discoveryevasionpersistenceprivilege_escalation