pandastealer | 597d06e44811afb2e030ccca2ae68e765ab69a08b27bc61d41f4caa7e60756c5

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_7e45597c96c9ee651ffe86ba5821246a
Size

11.2MB
Sample

250317-q7k12s1xb1
MD5

7e45597c96c9ee651ffe86ba5821246a
SHA1

9011da8bd4851bd67d14a836f4c99c5e19a56427
SHA256

597d06e44811afb2e030ccca2ae68e765ab69a08b27bc61d41f4caa7e60756c5
SHA512

04c9463650d0030e5d7b7898d353a958b66df0d5e8401d5f93b15307761ef3f973fc04c08d26804b8e0de3b9815a9df5fb292a9cf7e5a5e89c79dcc09bec436d
SSDEEP

196608:5tkDpFkV17RqmnMYL6xcKIum1Tm8UGzdQ2MMJAvzC4JXRBAKJUDjM6AP2NE842zx:5tmvkVZsmMYmxP81NdXMMJ9dU2NEq3OA

Score

10^/10

Malware Config

Targets

- Target
  
  JaffaCakes118_7e45597c96c9ee651ffe86ba5821246a
- Size
  
  11.2MB
- MD5
  
  7e45597c96c9ee651ffe86ba5821246a
- SHA1
  
  9011da8bd4851bd67d14a836f4c99c5e19a56427
- SHA256
  
  597d06e44811afb2e030ccca2ae68e765ab69a08b27bc61d41f4caa7e60756c5
- SHA512
  
  04c9463650d0030e5d7b7898d353a958b66df0d5e8401d5f93b15307761ef3f973fc04c08d26804b8e0de3b9815a9df5fb292a9cf7e5a5e89c79dcc09bec436d
- SSDEEP
  
  196608:5tkDpFkV17RqmnMYL6xcKIum1Tm8UGzdQ2MMJAvzC4JXRBAKJUDjM6AP2NE842zx:5tmvkVZsmMYmxP81NdXMMJ9dU2NEq3OA
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  0dc0cc7a6d9db685bf05a7e5f3ea4781
- SHA1
  
  5d8b6268eeec9d8d904bc9d988a4b588b392213f
- SHA256
  
  8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
- SHA512
  
  814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
- SSDEEP
  
  192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  a401e590877ef6c928d2a97c66157094
- SHA1
  
  75e24799cf67e789fadcc8b7fddefc72fdc4cd61
- SHA256
  
  2a7f33ef64d666a42827c4dc377806ad97bc233819197adf9696aed5be5efac0
- SHA512
  
  6093415cd090e69cdcb52b5d381d0a8b3e9e5479dac96be641e0071f1add26403b27a453febd8ccfd16393dc1caa03404a369c768a580781aba3068415ee993f
- SSDEEP
  
  48:iV6sAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Joof5d2:2V11GED5ZTvycNSmwVsTJuftpZR0Ld2
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  254f13dfd61c5b7d2119eb2550491e1d
- SHA1
  
  5083f6804ee3475f3698ab9e68611b0128e22fd6
- SHA256
  
  fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28
- SHA512
  
  fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7
- SSDEEP
  
  192:t5ZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRYgsfA:fBo/680dCI5adOjFOg9//p27uNw2bo
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  00a0194c20ee912257df53bfe258ee4a
- SHA1
  
  d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256
  
  dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512
  
  3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  CCleaner.exe
- Size
  
  1.6MB
- MD5
  
  fdfb209c5a04b7784bb0bb4af7f0b31c
- SHA1
  
  fe5a7301bcf0593e59265a24e514b756577c30bd
- SHA256
  
  c565feb2847bf0d116135db188bafe728e889f8f7319f562d7331a2906fd49c7
- SHA512
  
  76253a95753039ac72bee37e09eba3617330f656b45bee97250de0f4c9b6ab8e3b2353b2256bb07b0c1636bf2f3069a1f99d33063057f3c8e43b13619efb831f
- SSDEEP
  
  24576:ojfUhykNTubUrgaJu5nuqrnMevWRIRJ1UuFh3zN815tjoiFW:ojfUhxrrJylndvWRIRsazN815tjBFW
Score

7^/10

discovery spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks for any installed AV software in registry
- Drops desktop.ini file(s)
behavioral11 behavioral12
- Target
  
  Interop.SKYPE4COMLib.dll
- Size
  
  176KB
- MD5
  
  edaddf06a27eaf5ca0bb275ad14a3a1f
- SHA1
  
  36be176330414cb943fc54c38b7647ea16f571c5
- SHA256
  
  f7e699c89229ca538e178322f2e0145950b9431f750b716c099ed90e026cc498
- SHA512
  
  641df577fe068d4e96832dc2ff5efe899aa47633c6940eb2c1daf514098c5b99d2128c751a7eace9078f38d1740601e8ef18dcc39eacc4b48d490a2778eab1d2
- SSDEEP
  
  3072:rV+fyzCBTsbi+1ojOxf0vidwL2ZUXKFYz+B8/StgbmpEn6Woe4XsSrRsLdGpiFCn:rV+fyzCBTsbi+1ojOxf0vidwL2ZUXKF2
Score

1^/10
behavioral13 behavioral14
- Target
  
  Microsoft.mshtml.dll
- Size
  
  7.6MB
- MD5
  
  315780ddb6d1612d18405baa6e043dc5
- SHA1
  
  b879e42b66f91946e58e679b7c80c88cda0383ed
- SHA256
  
  675ad8a307684d73b96bcc1fc484c5d76a77b19c3ece495e859a6de6c2d964ee
- SHA512
  
  7d0a01e1d48938b15746ffc93a1f9489a3b324b27e125debcbba8f0bb7ca60b12e643dd6d54631021078d68ecc22b4e875d206f6a3a13c80869820936ad61f79
- SSDEEP
  
  98304:vpkg8hn8CiyAB84gPjKVuH62NhND7BMe8Al:vpkg8hn8pStD7BMe8Al
Score

1^/10
behavioral15 behavioral16
- Target
  
  NAudio.dll
- Size
  
  305KB
- MD5
  
  8e5ee2282342b87fa489beda9c6140b0
- SHA1
  
  14924a3a798f37fe1c8ef315f6fa462e2daa91a6
- SHA256
  
  9d2f7185b37325a9208d7b8af10f556c3ac347b12a508eaa8836d3495b92a7df
- SHA512
  
  8bbc90ddc3dc5b51b88a931ae3e67e1df0e06e23bcbb8a52ff1f367dc7dff47c3acdadc7e7cff7c628bb926f6606b3195d789172ebe0e1f180a9d8f17e70e081
- SSDEEP
  
  6144:CrAB/ZRh4oeHSa4Px4kcPTPQvGkGKENIMf002RRAAOhROWKkJ9fuI0m4mr:T/ZT6Sag4jPUsHNIljRA+Iumr
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Skype4COM.dll
- Size
  
  2.1MB
- MD5
  
  9bba1351fca721098980ecf4aad72946
- SHA1
  
  f3cea300587ee83f374bed72a5f4e0b1c9fb41ab
- SHA256
  
  bbb93044bb0894923bb640d01690deafb9c24d4f0d3b44edd47ee66fe7b84bca
- SHA512
  
  195d9800d0152af5d4e8e84ae843472ef125cb8787fc6f62cdc8ad8201de2e978d0bbaed338e923d764b6ffc055c4b7366399ca0913a4e406ade6b7f0c7d580d
- SSDEEP
  
  12288:J/F+4OKSqoMZCu5oszWyPRRo/yDIWBmu/tcmzyCVPEWnqkrP4tCLt7TH5+GffxR0:xF+4OKToMZCuRWARC/ZwHGrkktc+k71K
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  cafw.exe
- Size
  
  4.5MB
- MD5
  
  4b750345250adaba414dc22cfbc3dea1
- SHA1
  
  520684d27764c06c6ea377602e6dba6d1da4b169
- SHA256
  
  545aa38233d699754ba0bc447509e9aedf2eabde54d9abb5183387c468a51c78
- SHA512
  
  464a17bb41d2791e3ab4d4ef1a2f753ef42c8c0014bc8683db924675e585a975d560c7d4ae82c42c65269ef431b3564450bcda0ad3ef49b0f49d0b94d14890a5
- SSDEEP
  
  98304:zxfw+ea9Zb5qLPTycBSHtP+7JXxxOhV6TOG3kCGKxoZH+:Jw+ea9FgPTyJt27JBxOhVsl31GKmh+
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral21 behavioral22
- Target
  
  cladgenius.chm
- Size
  
  49KB
- MD5
  
  54606732956daa512e876c7781797d04
- SHA1
  
  3a38d3bd77d069e4128901b5566d6688df796002
- SHA256
  
  356c4c24c3ef1f3ac27dae0aad2303ca307c0c579cfd4ea01ff8057030af4f75
- SHA512
  
  c51ec7d75b504ea3da985dc6fad11b452b6a3e67594b1a7cb953e429bfe98a0eba0575049e79d01c78d3fa1e0a97b408d9f0006074270146c8d8353b8723054e
- SSDEEP
  
  768:2zQ1cg+kQZ95d2gaUzYLTMqLk4WqkBrIEm7gYP6nvFI773ZNKAokFO8Gi8+sn:2MqvZfdBlzIzkWAIE90e6PHokFVTG
Score

1^/10
behavioral23 behavioral24
- Target
  
  decaptcher.dll
- Size
  
  72KB
- MD5
  
  05aa12c2665ebd53f9505d0cf9f37b83
- SHA1
  
  c0e6e0401fe2bcf40251c3d4514c6b3d58b7a4a3
- SHA256
  
  6903e1192b4a90bd78f4a0853d6d72bc0fa74ce8800946c698a4406a60c2f239
- SHA512
  
  586ec510204719da09f2d0761a2d8f9aee0dc15252f9340fcb09137650e21354d3d3c025b362c297d0b3439587d65a3c294cbe2359aa9d6ce224c34fa674bcab
- SSDEEP
  
  1536:6/3nHtECUPHH0sV2gIHFLJtKbHBlnDLL:g3HtECU/DVVUuzBlnDLL
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  fbclient.dll
- Size
  
  3.6MB
- MD5
  
  b8e93b77d06fe8acc4438bb88f9ae231
- SHA1
  
  b7b9116db1aae43a58bb8c0f3a002977e10bf834
- SHA256
  
  688caa8cecbca2a07baded86c567ec844b39aa3dcd50c136ab8ac4bbee8e99f1
- SHA512
  
  8e3ccb43d67ec90165b44cf5c14db73394ff8d1ac19548a1bc3fe807d361f0a7b5a8c9bb8ca34545a770795fd5f0a07c373039dbc3c6e15fd385eca263e91d23
- SSDEEP
  
  24576:CmvmNB5rZMCemDjVHBsyEJAYr3RKFgNtXy26oPjdarC/168Cs6RX1HQ46sWJvaKp:CmgdnHTuj0+qHPv203ymNsqYv3jnB
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  holfix.exe
- Size
  
  256KB
- MD5
  
  53f0c95938fdb4b3f0f4814bc8b1b9cc
- SHA1
  
  08c2a4a3df5381f8f49a5ee2372728400bd24671
- SHA256
  
  6b3ed396381a68ca58a1f4c73f00b40e2c2f555d031690865a64f26d2c5ed7fb
- SHA512
  
  2eac3782b5c1e1f45c9492b17910b60f28d2ab69aa7ec1b3e39e3ccf628fe30226c2824309a87d1b84c288b6028b903d3085d01df762ba421c7a5d5a7ddd6f9a
- SSDEEP
  
  6144:wMWnwQaTtvIa5rD1U8x7Am6OoyFoLp1kvWlp2FN6A5B5dn01:pJQatIerRUAA0o8CTlkFN6Az5dn0
Score

9^/10

discovery upx defense_evasion evasion exploit ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Drops file in Drivers directory
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral29 behavioral30
- Target
  
  ibprovider.dll
- Size
  
  3.1MB
- MD5
  
  3bca69f43800aed83c069037b8efd9f7
- SHA1
  
  d6387c347b1614979578c3442ec948e3d69d73d3
- SHA256
  
  278d40f010c994a458b076d1aa4dec03f3891da394d707a254908a7afabd51b1
- SHA512
  
  83b81cfc1c2291c0a5478eb600eb3edb15cf2346a3293e9292584f981df11b5ef678962f2b73aa48ebf4a6f59021d5facde0b93565fba0a47c24c3919a7f67bb
- SSDEEP
  
  49152:TX9oxIdkM+x1VKRANMvTA1wAwspjG/HBFIt/M8xc878qLKXZYemFFU+tEyqhguij:ja1Q/g2MtEs
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Tasks

Sharing

General

Malware Config

Targets

Reads user/profile data of web browsers

Checks for any installed AV software in registry

Drops desktop.ini file(s)

Executes dropped EXE

Loads dropped DLL

Modifies boot configuration data using bcdedit

Drops file in Drivers directory

Possible privilege escalation attempt

Checks computer location settings

Loads dropped DLL

Modifies file permissions

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Drops file in System32 directory

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32