pandastealer | 12ea95d36207191230b40421226f81333db636fc04e46b3459b914bb616e9550 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...de.exe

windows7-x64

JaffaCakes...de.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_8a1a868a140dc10c47ceb377b764c9de
Size

1.8MB
Sample

250327-186n9a1ns6
MD5

8a1a868a140dc10c47ceb377b764c9de
SHA1

467a1d1875b1e65140010687304c40c15a89b73a
SHA256

12ea95d36207191230b40421226f81333db636fc04e46b3459b914bb616e9550
SHA512

83995bd4dd5b13206b1af7b5402a3f5e5a115a47a426b63a2b151a10c54ce7fcf98aa701ef6d49f8de0fc20fd9414a22bdf56a90e0934e47e748c259a92b457b
SSDEEP

49152:0hzRz4om5ylz+PysnyKg+ol4MQSvuhTByHdcuvkQ1:YlzH0yxktyTWgoTBacuvkQ1

Score

10^/10

pandastealer aspackv2 discovery persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_8a1a868a140dc10c47ceb377b764c9de.exe

Resource

win7-20241023-en

pandastealer aspackv2 discovery stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_8a1a868a140dc10c47ceb377b764c9de.exe

Resource

win10v2004-20250314-en

pandastealer aspackv2 discovery persistence stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_8a1a868a140dc10c47ceb377b764c9de
- Size
  
  1.8MB
- MD5
  
  8a1a868a140dc10c47ceb377b764c9de
- SHA1
  
  467a1d1875b1e65140010687304c40c15a89b73a
- SHA256
  
  12ea95d36207191230b40421226f81333db636fc04e46b3459b914bb616e9550
- SHA512
  
  83995bd4dd5b13206b1af7b5402a3f5e5a115a47a426b63a2b151a10c54ce7fcf98aa701ef6d49f8de0fc20fd9414a22bdf56a90e0934e47e748c259a92b457b
- SSDEEP
  
  49152:0hzRz4om5ylz+PysnyKg+ol4MQSvuhTByHdcuvkQ1:YlzH0yxktyTWgoTBacuvkQ1
Score

10^/10

pandastealer aspackv2 discovery stealer persistence
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Pandastealer family
  pandastealer
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

pandastealeraspackv2discoverystealer

behavioral2

pandastealeraspackv2discoverypersistencestealer

© 2018-2025

Terms | Privacy