Analysis

  • max time kernel
    8s
  • max time network
    12s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-01-2025 08:25

Errors

Reason
Machine shutdown: the guest shut down before the configured run time elapsed (only 8s of kernel time were recorded), so the behaviour below is a partial picture. The two LogonUI.exe entries in the process list are the Windows logon/shutdown screen started by winlogon.exe, not children of the sample.

General

  • Target

    2025-01-24_23759b4674c9e9ae889a976dec77b79a_icedid.exe

  • Size

    2.0MB

  • MD5

    23759b4674c9e9ae889a976dec77b79a

  • SHA1

    1cd87cb5875986e9f037c6d349e485cce2cac091

  • SHA256

    bd01d037e56a5408610de59d9e99cfea8cf10ba524d1159385e7dcdc2c2a9b29

  • SHA512

    3c8417c9a15220ac2aa3a27be1a5c234968a21f1db85c0057d1f1190093e73ee17406ecc9b08c3ee1de1f8b01a4d0b36d8e01ad9d681a2b2c526b75ed5191b92

  • SSDEEP

    49152:dnCm+d9N62qGFY57j+eZphTzd4xWPwqiqD:872dhj+e3

Malware Config

Signatures

  • Panda Stealer payload 2 IoCs
  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

  • Pandastealer family
  • Drops file in Drivers directory 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
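
The "Drops file" and "Loads dropped DLL" signatures above are a correlation: a module that the process (or another one) wrote to disk moments before it was mapped. As an added example, not the sandbox's own signature code, the check below runs that correlation over a constructed stream of Sysmon-style events (file-create ID 11, image-load ID 7) shaped after this report: PID 2556 writes Rspp.dll into its own Temp directory and then loads it. Event shapes, timestamps and the time window are assumptions.

```python
"""Added example (not the sandbox's signature code): flag a DLL that was
written to disk shortly before a process mapped it, as the
'Drops file' + 'Loads dropped DLL' signatures in this report describe."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Event:
    ts: float    # seconds since analysis start (constructed)
    pid: int
    kind: str    # "FileCreate" (Sysmon ID 11) or "ImageLoad" (Sysmon ID 7)
    path: str    # file written, or module mapped


@dataclass(frozen=True)
class Hit:
    load_pid: int
    write_pid: int
    path: str
    write_ts: float
    load_ts: float
    user_writable: bool   # dropped into a location any user can write to


SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\2025-01-24_23759b4674c9e9ae889a976dec77b79a_icedid.exe"
DROPPED_DLL = r"C:\Users\Admin\AppData\Local\Temp\Rspp.dll"

# Constructed event stream shaped after this report: PID 2556 (the sample)
# writes Rspp.dll and maps it; the PID 792 line is LogonUI noise.
SAMPLE_EVENTS = [
    Event(0.1, 2556, "ImageLoad", r"C:\Windows\System32\kernel32.dll"),
    Event(0.4, 2556, "FileCreate", DROPPED_DLL),
    Event(0.9, 2556, "ImageLoad", DROPPED_DLL),
    Event(1.2, 2556, "ImageLoad", r"C:\Windows\System32\user32.dll"),
    Event(7.8, 792, "ImageLoad", r"C:\Windows\System32\user32.dll"),
]

# Directory fragments a non-admin user can write to (assumed list).
USER_WRITABLE_MARKERS = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\programdata\\")


def is_user_writable(path: str) -> bool:
    low = path.lower()
    return any(m in low for m in USER_WRITABLE_MARKERS)


def find_dropped_dll_loads(events: Iterable[Event], window_s: float = 30.0) -> List[Hit]:
    """Correlate FileCreate and ImageLoad on the same path within `window_s` seconds.

    The writer need not be the loader: a dropper that writes the DLL and a
    second process that loads it is still a hit, and the Hit records both PIDs.
    """
    written: Dict[str, Tuple[float, int]] = {}   # lowercased path -> (write ts, writer pid)
    hits: List[Hit] = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = ev.path.lower()
        if ev.kind == "FileCreate":
            written[key] = (ev.ts, ev.pid)       # latest write wins
        elif ev.kind == "ImageLoad" and key.endswith(".dll") and key in written:
            wts, wpid = written[key]
            if 0.0 <= ev.ts - wts <= window_s:
                hits.append(Hit(ev.pid, wpid, ev.path, wts, ev.ts, is_user_writable(ev.path)))
    return hits


if __name__ == "__main__":
    for h in find_dropped_dll_loads(SAMPLE_EVENTS):
        print(f"PID {h.load_pid} loaded {h.path} written {h.load_ts - h.write_ts:.1f}s earlier "
              f"by PID {h.write_pid} (user-writable: {h.user_writable})")
```

The window matters: in a sandbox run the whole analysis is seconds long, so a small window is fine, but on an endpoint a legitimate installer also writes and loads DLLs, so the `user_writable` flag and the writer/loader PID pair are what separate a Temp-dropped loader from a normal setup.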

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-24_23759b4674c9e9ae889a976dec77b79a_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-24_23759b4674c9e9ae889a976dec77b79a_icedid.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2556
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
    PID:792
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x1
    1⤵
    PID:2776

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\Rspp.dll

    Filesize

    48KB

    MD5

    af3b9c8a4b4ae14757c9e52bb597c387

    SHA1

    9fd550b193765a7f0c12243ddccd51d889abc7fc

    SHA256

    8f87cbc5f5661f75cc55e71e9e5008a8e8a211e14db66df3d26a0eb36ec86cfd

    SHA512

    695e007b0cf4a52c349c499929b9b50c917170ed094c2e7cc7d68f287a45b80431015083426cb0d29e001e2e3b0205168220c0a201c95357dcc83a4e4b8886c7

  • memory/792-8-0x0000000002D90000-0x0000000002D91000-memory.dmp

    Filesize

    4KB

  • memory/2556-0-0x0000000000400000-0x0000000000614000-memory.dmp

    Filesize

    2.1MB

  • memory/2556-7-0x0000000000400000-0x0000000000614000-memory.dmp

    Filesize

    2.1MB

  • memory/2776-9-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

    Filesize

    4KB
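
The hashes in the General and Downloads sections are the actionable part of the report. As an added example, not part of the Triage output, the script below embeds those digests and filenames (the submitted sample and the dropped Rspp.dll), hashes every file under a directory with all four algorithms in one pass, and reports any match. The size cap and the treatment of a bare filename match as low confidence are my own choices.

```python
"""Added example (not the sandbox's code): sweep a directory tree for the
IoCs listed in this report. Hash matches are high confidence; a filename
match alone (Rspp.dll) is only a lead, since the name is not unique."""
import hashlib
import os
import sys
from pathlib import Path

# Digests and names copied from the report (lowercase hex).
REPORT_IOCS = {
    "sample": {
        "name": "2025-01-24_23759b4674c9e9ae889a976dec77b79a_icedid.exe",
        "md5": "23759b4674c9e9ae889a976dec77b79a",
        "sha1": "1cd87cb5875986e9f037c6d349e485cce2cac091",
        "sha256": "bd01d037e56a5408610de59d9e99cfea8cf10ba524d1159385e7dcdc2c2a9b29",
    },
    "dropped_dll": {
        "name": "Rspp.dll",
        "md5": "af3b9c8a4b4ae14757c9e52bb597c387",
        "sha1": "9fd550b193765a7f0c12243ddccd51d889abc7fc",
        "sha256": "8f87cbc5f5661f75cc55e71e9e5008a8e8a211e14db66df3d26a0eb36ec86cfd",
    },
}


def hash_file(path, chunk=1 << 20):
    """Return md5/sha1/sha256/sha512 hex digests, reading the file once in chunks."""
    hashers = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256", "sha512")}
    with open(path, "rb") as f:
        while True:
            buf = f.read(chunk)
            if not buf:
                break
            for h in hashers.values():
                h.update(buf)
    return {n: h.hexdigest() for n, h in hashers.items()}


def build_index(iocs):
    """Map every known digest to (IoC label, algorithm) so one dict lookup covers all algorithms."""
    index = {}
    for label, entry in iocs.items():
        for algo in ("md5", "sha1", "sha256", "sha512"):
            if algo in entry:
                index[entry[algo].lower()] = (label, algo)
    return index


def sweep(root, iocs=REPORT_IOCS, max_size=64 << 20):
    """Walk `root` and return a list of findings: {'path', 'match', 'ioc'}.

    `match` is 'hash:<algo>' for a digest hit or 'filename' for a name-only hit.
    Files larger than `max_size` bytes (assumed cap) are skipped to bound runtime.
    """
    index = build_index(iocs)
    names = {e["name"].lower(): label for label, e in iocs.items() if "name" in e}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            p = Path(dirpath) / fn
            try:
                if not p.is_file() or p.stat().st_size > max_size:
                    continue
                digests = hash_file(p)
            except OSError:
                continue   # unreadable, or vanished between listing and open
            for algo, hexd in digests.items():
                if hexd in index:
                    label, _ = index[hexd]
                    findings.append({"path": str(p), "match": "hash:" + algo, "ioc": label})
                    break
            else:
                if fn.lower() in names:
                    findings.append({"path": str(p), "match": "filename", "ioc": names[fn.lower()]})
    return findings


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for f in sweep(root):
        print(f"{f['match']:12} {f['ioc']:12} {f['path']}")
```

Run it as `python sweep.py C:\Users` (or against a mounted disk image); extend `REPORT_IOCS` with digests from further reports rather than editing the functions. Note that a hash sweep only catches byte-identical copies; the ssdeep value in the report is what you would use for near-duplicates, and that needs the ssdeep library rather than hashlib.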