pandastealer | 2025-02-27_4a536d5a79d6ae2382bf20b6127235d1_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2025-02-27_4a536d5a79d6ae2382bf20b6127235d1_mafia
Size

8.6MB
MD5

4a536d5a79d6ae2382bf20b6127235d1
SHA1

35a5745456a8ee88e45c400b06e97c92b689f815
SHA256

456e2d97840aa868aff95b0151d654e015fb408bb09830efd891b2d9fc4b0852
SHA512

bb2cb51d665fcb65f737801883f6f98cc1832ec9a46a7923dbc163979eadacbb0717f1bfc57d5ae04f9583d5d07050dd8ae0c622a93d20a499a4425c36e569dc
SSDEEP

196608:qHYiRk/OK70/iZADU91h+RzPhnJHBj7WNqGDiwn+eeCw4K4E:7DfADU91h+tbpWQGDCL

Score

10^/10

pandastealer

Malware Config

Signatures

Panda Stealer payload 1 IoCs

resource	yara_rule
sample	family_pandastealer

Pandastealer family
pandastealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-02-27_4a536d5a79d6ae2382bf20b6127235d1_mafia

Files

2025-02-27_4a536d5a79d6ae2382bf20b6127235d1_mafia
.exe windows:5 windows x86 arch:x86

15356bd5a9e27e2d11bfa28b14a2be68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidToStringW

kernel32

TerminateProcess
LocalAlloc
LocalFree
GlobalFree
MultiByteToWideChar
GetLastError
LoadResource
LockResource
SizeofResource
LoadLibraryW
GetProcAddress
CloseHandle
DeleteFileW
WaitForSingleObject
FreeLibrary
CreateProcessW
GetTempPathW
CreateDirectoryW
FindResourceA
GetFileAttributesW
GetVersionExW
CreateMutexW
SetCurrentDirectoryW
WinExec
GetCommandLineW
Sleep
ReleaseMutex
GetProcessHeap
SetEndOfFile
CreateFileW
SetStdHandle
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetCPInfo
HeapReAlloc
HeapAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RtlUnwind
CompareStringW
LCMapStringW
RaiseException
LoadLibraryA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
SetFilePointer
ReadFile
FlushFileBuffers
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW

shell32

ShellExecuteExW
CommandLineToArgvW

ole32

CoCreateGuid

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15356bd5a9e27e2d11bfa28b14a2be68

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

kernel32

shell32

ole32

Sections

.text Size: 147KB - Virtual size: 146KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 8.4MB - Virtual size: 8.4MB

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 147KB - Virtual size: 146KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 8.4MB - Virtual size: 8.4MB

.reloc
Size: 32KB - Virtual size: 31KB