pandastealer | 058792133276504f7e506c0f4271b640b56472f1b564d4162db7b018c7038d2f | Triage

Sharing

General

Target

JaffaCakes118_a119a9f657c3bca53e97a8a5bad38230
Size

686KB
Sample

250408-xft8zaywdw
MD5

a119a9f657c3bca53e97a8a5bad38230
SHA1

2713c69905f49e3969d6b2d7992d08a132ba75b8
SHA256

058792133276504f7e506c0f4271b640b56472f1b564d4162db7b018c7038d2f
SHA512

1c6e2ec36243a4d6383baf241e811fc80c24dff22fdd64cb53ac39341b48e0cad6ad9637252938e796d51f4304c688e0580dbab052f399aca1a11ef5cdc18713
SSDEEP

12288:FHoZr1rQ/ERfli18M5nsOf5THHTvzTTddwNWkrKkKJm0VSAu/MGu/Cn:WZrpQIflLMhf5THHfTE2kKJm0V

Score

10^/10

pandastealer discovery spyware stealer

Malware Config

Targets

- Target
  
  JaffaCakes118_a119a9f657c3bca53e97a8a5bad38230
- Size
  
  686KB
- MD5
  
  a119a9f657c3bca53e97a8a5bad38230
- SHA1
  
  2713c69905f49e3969d6b2d7992d08a132ba75b8
- SHA256
  
  058792133276504f7e506c0f4271b640b56472f1b564d4162db7b018c7038d2f
- SHA512
  
  1c6e2ec36243a4d6383baf241e811fc80c24dff22fdd64cb53ac39341b48e0cad6ad9637252938e796d51f4304c688e0580dbab052f399aca1a11ef5cdc18713
- SSDEEP
  
  12288:FHoZr1rQ/ERfli18M5nsOf5THHTvzTTddwNWkrKkKJm0VSAu/MGu/Cn:WZrpQIflLMhf5THHfTE2kKJm0V
Score

7^/10

discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer