pandastealer | a0058a18bed9da11dcafaa88ac2ad9d7a18088cc64226edb260f1ae2e499c401 | Triage

Submit
Reports

Overview

overview

Static

static

2025-04-12...os.exe

windows10-2004-x64

Sharing

General

Target

2025-04-12_55a8e7c230d9b4f64976d04eafc4d34d_elex_mafia_remcos
Size

6.9MB
Sample

250412-tcy6zaxxhx
MD5

55a8e7c230d9b4f64976d04eafc4d34d
SHA1

79fb2106193b92447f279c381bbc7cf02d2c0d77
SHA256

a0058a18bed9da11dcafaa88ac2ad9d7a18088cc64226edb260f1ae2e499c401
SHA512

51ded7b97c9e5ffaa91307684701428a90a72f0c2e1e7a62811e0a2961fb3a79025c973730ed351172dd722c7b3adbb6f3b1949b34d434eb05ba09dff528ed37
SSDEEP

49152:NqcQFTIOZeVJzttyVY81DasilJoab20Maoc5+OcoP1xbaHdLHkJEZ11QAfloTpc8:ccQUOO81DaLlJoab8aocpj+DheTpoTIt

Score

10^/10

pandastealer discovery spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2025-04-12_55a8e7c230d9b4f64976d04eafc4d34d_elex_mafia_remcos.exe

Resource

win10v2004-20250410-en

pandastealer discovery spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-04-12_55a8e7c230d9b4f64976d04eafc4d34d_elex_mafia_remcos
- Size
  
  6.9MB
- MD5
  
  55a8e7c230d9b4f64976d04eafc4d34d
- SHA1
  
  79fb2106193b92447f279c381bbc7cf02d2c0d77
- SHA256
  
  a0058a18bed9da11dcafaa88ac2ad9d7a18088cc64226edb260f1ae2e499c401
- SHA512
  
  51ded7b97c9e5ffaa91307684701428a90a72f0c2e1e7a62811e0a2961fb3a79025c973730ed351172dd722c7b3adbb6f3b1949b34d434eb05ba09dff528ed37
- SSDEEP
  
  49152:NqcQFTIOZeVJzttyVY81DasilJoab20Maoc5+OcoP1xbaHdLHkJEZ11QAfloTpc8:ccQUOO81DaLlJoab8aocpj+DheTpoTIt
Score

10^/10

pandastealer discovery spyware stealer
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Pandastealer family
  pandastealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

pandastealerdiscoveryspywarestealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.