pandastealer | a55a1fb322306d1e3052574c5539b2b4ac93a28f4baee165fcc7b0c5facc0d23 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

GPOscript.rar

windows11-21h2-x64

Sharing

General

Target

GPOscript.rar
Size

315KB
Sample

250323-txzcgawygs
MD5

b8f11fd5f47feb29d3390fbcbfb8f8a8
SHA1

a7d1abebf611c6b1df507df045bc09d5defa2235
SHA256

a55a1fb322306d1e3052574c5539b2b4ac93a28f4baee165fcc7b0c5facc0d23
SHA512

786f36b09385845e43f38e036693bcef6b19aab6b8b9c453f011fd99dc97f2927fe67ffb44797f3f66c999ccf0f9a84c33f4e4f42f87a1cb97d069d174b7f57a
SSDEEP

6144:F9aQ54JfOXFCEI0mnidW/rnQJYbjNUTYjIVs2X4DDM0GojCkp+gdiCLa:m044VMKEjnFbj+TWIVs2IDWQhoCa

Score

10^/10

pandastealer credential_access discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

GPOscript.rar

Resource

win11-20250313-en

pandastealer credential_access discovery spyware stealer

windows11-21h2-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  GPOscript.rar
- Size
  
  315KB
- MD5
  
  b8f11fd5f47feb29d3390fbcbfb8f8a8
- SHA1
  
  a7d1abebf611c6b1df507df045bc09d5defa2235
- SHA256
  
  a55a1fb322306d1e3052574c5539b2b4ac93a28f4baee165fcc7b0c5facc0d23
- SHA512
  
  786f36b09385845e43f38e036693bcef6b19aab6b8b9c453f011fd99dc97f2927fe67ffb44797f3f66c999ccf0f9a84c33f4e4f42f87a1cb97d069d174b7f57a
- SSDEEP
  
  6144:F9aQ54JfOXFCEI0mnidW/rnQJYbjNUTYjIVs2X4DDM0GojCkp+gdiCLa:m044VMKEjnFbj+TWIVs2IDWQhoCa
Score

10^/10

pandastealer credential_access discovery spyware stealer
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Pandastealer family
  pandastealer
- Executes dropped EXE
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

pandastealercredential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy