pandastealer | 379c2feee0c29170fcbea6fd7c6059df7386d58d2aa2e0fbd7008e4c4d1ded19 | Triage

Sharing

General

Target

JaffaCakes118_79dcc2f78c807dfeecfd3960a31afb6f
Size

26.3MB
Sample

250316-mcen1a1qw8
MD5

79dcc2f78c807dfeecfd3960a31afb6f
SHA1

7e92878c52ee5ad8bb76ba84c6507e214312b463
SHA256

379c2feee0c29170fcbea6fd7c6059df7386d58d2aa2e0fbd7008e4c4d1ded19
SHA512

137626b619fe552f80c773e1cadf162a42dd636a4aace7e3f710f7f4a0ccdc1265f8b0bb6a43a3ceaf7dbccc6ae09160fcbbc432f196515c44229a0a105224eb
SSDEEP

786432:ytUdicc40RGZbbEQ4H0zg+6z4xFqwVU8DQzrbL02f:10RkIUzCz4xFD5Qzbbf

Score

10^/10

pandastealer discovery persistence privilege_escalation upx

Malware Config

Targets

- Target
  
  AliIM2013_7.21.04C去广告绿色优化版V2/AliWangWang/7.21.04C/7z.dll
- Size
  
  893KB
- MD5
  
  04ad4b80880b32c94be8d0886482c774
- SHA1
  
  344faf61c3eb76f4a2fb6452e83ed16c9cce73e0
- SHA256
  
  a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338
- SHA512
  
  3e3aaf01b769471b18126e443a721c9e9a0269e9f5e48d0a10251bc1ee309855bd71ede266caa6828b007359b21ba562c2a5a3469078760f564fb7bd43acabfb
- SSDEEP
  
  24576:TW+wsDaQw6DDz3qRyPnmGfrnvVUKueY8RmneWtJ:TasY6DwOBfrnvV7UeWt
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  AliIM2013_7.21.04C去广告绿色优化版V2/AliWangWang/7.21.04C/ATL80.dll
- Size
  
  94KB
- MD5
  
  3c7def3cbbca6284867aa4621d5d8a54
- SHA1
  
  4bd9852f1f063b9fd1e1829b756d381e14609fa7
- SHA256
  
  db18738202dcda842dce505ecd0b858d7b4c55886cac29827305f0dc3839143a
- SHA512
  
  1f9e89114a579bbb0c175d5fb587d58a923a0f556361b2f6c5ae3ffeb139539733e46edb3df1627fa630d5bc80cdf5ff311ca75754ca306345569cd48f51f2c4
- SSDEEP
  
  1536:RCYlLTNQQ/Nucs4hRKF+HnLoRsV1TlWh8XhylIjwaCi6imXmwxCU4tkm:R7LTNzNup4hAQHnLP+VXmwxCtk
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  AliIM2013_7.21.04C去广告绿色优化版V2/AliWangWang/7.21.04C/AVTransBiz.dll
- Size
  
  141KB
- MD5
  
  597c9ddf19efb77a9435d1d67fc25800
- SHA1
  
  bff7c63639cd623c25bebd4205b3c1edf757f20c
- SHA256
  
  09d91d2ac36a1de6f35f182e4d81e411fcd6390406c3d2d0916eeabf1b5ff527
- SHA512
  
  1e58e2af2d551ff9eae1bee52ed8be567733df7a40348a7b75c6ef29b6b65ceb5200b1f05c596596c2a9f01bf3c6db487192b215b8a06d363a89fbe9d5650d8c
- SSDEEP
  
  1536:4lLOe/QyE0NDJmF8joee/jVzyvH7IGm02/++4EPhp9/OgxOe0Uwaux6NQ:4VG+VPo2vH3m0cBDR/OgxOejnK6S
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  AliIM2013_7.21.04C去广告绿色优化版V2/AliWangWang/7.21.04C/AccVideoEgn.dll
- Size
  
  1.1MB
- MD5
  
  947f0e0cc8e093cad635223d7914f68c
- SHA1
  
  8f8f24b57da012d0e4957176eac1e92bb0386d4f
- SHA256
  
  833b3e1f1c4f6a8a3758f43c7d497614228e213341b964876528e603e43303e9
- SHA512
  
  f2a29c758c08229c42d222cb109c0c8ccb5d6bdf0dfd6250089c833a7a3f215b086baaffb05946a4f9465c87bf37cacc2c9a3dfbbbab5d580bfb9c62ba568579
- SSDEEP
  
  12288:XTT66JxP+GiRkvj96Uxpump8/QfCmJgbgub7V/ls+4Sprdwd5n2IFhqRlVlrhyL+:jT6Devj9/pu9YfCRDyLGX0GmtV6FZ00
Score

5^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral7 behavioral8
- Target
  
  AliIM2013_7.21.04C去广告绿色优化版V2/AliWangWang/7.21.04C/AccVoiceEgn.dll
- Size
  
  529KB
- MD5
  
  2f6b4edd23cb82b9ab22df20f0d44717
- SHA1
  
  e26ca54af71f59598b44a2c8ad62426a9d634b0a
- SHA256
  
  9ba1d4e7c2c24c7c92cdacbaa73c519786914967b46982f7199468aa8330c026
- SHA512
  
  c2106774d4ba7d05d98b5226c02359bef01e3d402e2df3d61d26115e4e83457975f81156b0da358d5ebc7bff9df6b8df12c51b02a50f81dea319ff1a7afd904a
- SSDEEP
  
  6144:SsDIt4YMIrciY9dFhArfzBk1d/WqMFifmdBhpfOSPRMAOmqp+p4bt6M:S5c9cfzMdu1FiivpFPeUse4bt6M
Score

5^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral10 behavioral9
- Target
  
  AliIM2013_7.21.04C去广告绿色优化版V2/AliWangWang/7.21.04C/AliApkInstaller.exe
- Size
  
  149KB
- MD5
  
  7b776946719af3d5f1de7a1635b7ac8b
- SHA1
  
  651b51f971e8bb9d50ee7511f413ec9cfaf50dbd
- SHA256
  
  5ba06a7127c697d4b713c0ab4bd3ad22f2b0b0a0de9f8c13900023d0e72bd006
- SHA512
  
  40911b474db2fc293ad5e9cb311e4e5c698f63064db912d32dee1e08ee9aec3382c49509f6b780cfc606d9a312d49e81223d279a62ab2be7709a16ffa20ceca2
- SSDEEP
  
  3072:aoLPSd55UIlrZ+4l+Rx8XWOlgHcPPPPPPPPPPPPPPPPPPPPPPPPvbj6i:a+PSdnUIpxBXWOlg8PPPPPPPPPPPPPPP
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  AliIM2013_7.21.04C去广告绿色优化版V2/AliWangWang/7.21.04C/AliIMBrowserHostmod.dll
- Size
  
  189KB
- MD5
  
  8248cde718c206fb8296f2aa6bdd6058
- SHA1
  
  94fcc2dac162a79545594768b5d5a211e04196c9
- SHA256
  
  544791076fbf642e6ecc88c943dd7fa3cb15dacf829b8f1ebbaed390c89d1ffe
- SHA512
  
  81fe0cc0d61d19a6ee899ce9c11499cc70454eb2d8b04e00e5546148f871fbf6e3aed601c46e8a0c0d5de872bd375c732d6925ae9cd578d4750ee0ead28f662f
- SSDEEP
  
  3072:5uFyjAEzuvNf11lervbrkCqog/duAkStCkSYwlVBdHyOAs4bpM9FbabP6G:t8dcvc5gASdHyOAny9FGbP6G
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  AliIM2013_7.21.04C去广告绿色优化版V2/AliWangWang/7.21.04C/AliIMSSOLogin.dll
- Size
  
  157KB
- MD5
  
  884ca22a4e543fa686b9a3c0b7a4fc94
- SHA1
  
  470b36cc6aece66b8d30d99d3ec456819a7348b2
- SHA256
  
  2628a32e9b84bf7577b056001f90785271a0e55d313079886a0c6404332438c5
- SHA512
  
  44a0e865c2171d83093f60ffe6fbcb0d200fbfc1f455f73af52cf31faaf84d6546259f58467916cd26c2d5988b27314cba64da3e8041bfebaa4985a9d8108b81
- SSDEEP
  
  3072:0MestfOmqVSiBGmC78GwQwXZ1G4fERFxIVVOgfzHjoU0l5FUGbX+6Q:o6OFSiBGl8Gw9X/vERF2VVOgfTjoU0lu
Score

7^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral15 behavioral16
- Target
  
  AliIM2013_7.21.04C去广告绿色优化版V2/AliWangWang/7.21.04C/AliIMSrv.exe
- Size
  
  109KB
- MD5
  
  e366d53cb3c1bd330eef219ffd95b4db
- SHA1
  
  eea619b390dc44dcd71c1855358db40f8c06a933
- SHA256
  
  21eb72f2ce6eb3bd53c223a97e076422fbaeb1195191be9e266309cf544700f5
- SHA512
  
  a83c63ffe78d32914a79d8f478650a390ce18649dc367fab4546ecf0522b65cb67b8a382d11837f2599eff7a955a636fd98c8cc40322d67a69c7a21cc894d64c
- SSDEEP
  
  3072:+2n+T4K1jdzdbTLfXopoNq2OKyplBfFOW4FU56j:DC1ddnLwL2OKElzC46j
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  AliIM2013_7.21.04C去广告绿色优化版V2/AliWangWang/7.21.04C/AliIMStartup.dll
- Size
  
  377KB
- MD5
  
  64791fb8f070a6999e6ca1b2253b7a29
- SHA1
  
  b6a8285a36fb3c17bc4a0717396fbd1320990c0a
- SHA256
  
  692eda5695e812a9ca387b293adb9b8585972117b9a7a6c1563609e3e2266984
- SHA512
  
  f11a3188a6b4a2dee4536026e1c6b53c6aae75a8c3e87192f2de888cbe28af620dee40712697cb4e4667a9683ce56c03388e69fc25840b7e566274fefc23936d
- SSDEEP
  
  6144:kUNrzSfjk+bwebqx4OgF+6MXP8A4OVoKZtSdBo6ZX6N:/rzyjk9k66MXPXhX6ZX6N
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  AliIM2013_7.21.04C去广告绿色优化版V2/AliWangWang/7.21.04C/AliIMX.dll
- Size
  
  361KB
- MD5
  
  44c0f971105595fe69c6e1c615c8a857
- SHA1
  
  fb2f2b844ff70c925d05a2590642ab000c7c1bf0
- SHA256
  
  877adc0c195c4083e1dcf186d362893b9faa9cc354f6ed85017f2d11d2d44faa
- SHA512
  
  58c54822cf93a5f8558fcd902e6443228b4c958ad7133b7a8c0beb06c8421c87703df5ce977d88255943a0c5e5f1d74e94c628f8e68696a9d775ac29683737b2
- SSDEEP
  
  6144:lNwIE6islBpG0ZGYnugA/0JIOAZ2XII1LXZHaWXW9zs64:lpE6NG0ZGYnugAsJIOAZ2aWXWxs64
Score

7^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral21 behavioral22
- Target
  
  AliIM2013_7.21.04C去广告绿色优化版V2/AliWangWang/7.21.04C/AliIMX.ww
- Size
  
  361KB
- MD5
  
  44c0f971105595fe69c6e1c615c8a857
- SHA1
  
  fb2f2b844ff70c925d05a2590642ab000c7c1bf0
- SHA256
  
  877adc0c195c4083e1dcf186d362893b9faa9cc354f6ed85017f2d11d2d44faa
- SHA512
  
  58c54822cf93a5f8558fcd902e6443228b4c958ad7133b7a8c0beb06c8421c87703df5ce977d88255943a0c5e5f1d74e94c628f8e68696a9d775ac29683737b2
- SSDEEP
  
  6144:lNwIE6islBpG0ZGYnugA/0JIOAZ2XII1LXZHaWXW9zs64:lpE6NG0ZGYnugAsJIOAZ2aWXWxs64
Score

7^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral23 behavioral24
- Target
  
  AliIM2013_7.21.04C去广告绿色优化版V2/AliWangWang/7.21.04C/AliMediaPlayer.dll
- Size
  
  185KB
- MD5
  
  d0868dd3c9a49a0fc30836cafa6846fc
- SHA1
  
  f625585d21c75bf377ad0f67718711b9465540af
- SHA256
  
  e5dbeda32366d5a997b8953ac56f3cf42e10a701b518a5c13e29c89f28fb6d71
- SHA512
  
  47b4f2af9596cee0d9f92451935fced63bff667bab525863b1679983acd804dd92403385ce5bbc53f87d28b7ea01547b1f281c39653f6171fd181fe7244b4d8c
- SSDEEP
  
  3072:8Hig5LHgaGGRLU6zE1norQRbbWRbrRbVRbt1OgBmL1Avx+6x:eFe1RmRfRJRvOgBE1x6x
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  AliIM2013_7.21.04C去广告绿色优化版V2/AliWangWang/7.21.04C/ApkBrowserHost.dll
- Size
  
  593KB
- MD5
  
  67b85da7d18b169eb952e448bba25460
- SHA1
  
  78925d9bf21a1924f34f00e117c9ce85030979de
- SHA256
  
  a55acd7213b3f382b276cb9db5393d43d08d9c87e51dac9b8dcbe194a760c279
- SHA512
  
  f0566bc75c4b0169cc54b603cba6387f2a00f31a99fbf498c692721ab2af59770f9cf84fb954a15d04c8307788af6362ce3e39cd51ba049386d1c897dab33efd
- SSDEEP
  
  12288:PQtpnDx38Gi7jpVcFojptZPZzoMJC3uhjpPPPPPPPPPPPPPPPPPPPPPPPP35y61:PAtG7pjptdZ5BhjxV
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  AliIM2013_7.21.04C去广告绿色优化版V2/AliWangWang/7.21.04C/AudioVideoMgr.dll
- Size
  
  461KB
- MD5
  
  1c6fe928c4933dc9b6e69a04284e69d7
- SHA1
  
  dfb6c462d8e633725a5cf609075609891993878e
- SHA256
  
  0be78b6bfb1a641ec07223ea31eb5f8e70f554acbdae40eb4e56b9ba7e6c3cec
- SHA512
  
  22032fcd74136929c65bfcaa5dded1eaf5b4c089ba966970a09fbd2d26da6b01722b0b6feea91c49095cd541a3986b84d9d531fe420056c9aafcc6dd7f2ceaef
- SSDEEP
  
  6144:KVRQf5gglk+lG9+3jhJBzR/P8lpFgB+iDOXIGOAWselzCbcFnXB6i:KV0flDliWtPcFgB+zelBFnXB6i
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  AliIM2013_7.21.04C去广告绿色优化版V2/AliWangWang/7.21.04C/AutoPerfProxy.dll
- Size
  
  113KB
- MD5
  
  1c05e4d0473097edbd10fbe6b15fd4d2
- SHA1
  
  bdcb0a4d78fb43224815a32362857888ead36f38
- SHA256
  
  59b912a4e8b316cbb08132a706d4783da3a6e5d4bdd91bc34cc9fbf1143e4f67
- SHA512
  
  961b5377f5f5e9d5ed69b64e3a4a48bcdb29a389572f7245e00b95df589d48c84f48078dac7fda0fce29216e4e5809bca36d8c156e0511a3a2d7d23b2f137010
- SSDEEP
  
  3072:4N6UcIaXsy1Ulx6w2PNRDAmQKeXyrwrw2OgYNSVZyB6A:rI012IMbKNw5OgYNrB6A
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

upxpandastealer

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

discoverypersistenceprivilege_escalation

behavioral16

discoverypersistenceprivilege_escalation

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

discoverypersistenceprivilege_escalation

behavioral22

discoverypersistenceprivilege_escalation

behavioral23

discoverypersistenceprivilege_escalation

behavioral24

discoverypersistenceprivilege_escalation

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32