pandastealer | 2025-04-15_7c6e22f14877f1a6a33d6a0c0eccb94f_amadey_elex_smoke-loader | Triage

Sharing

General

Target

2025-04-15_7c6e22f14877f1a6a33d6a0c0eccb94f_amadey_elex_smoke-loader
Size

6.0MB
MD5

7c6e22f14877f1a6a33d6a0c0eccb94f
SHA1

9735d159e9fb99f5367e36ebe7b3bb81c236ee67
SHA256

05ef13e1af1913553f7660a18904ce9f165cf5e1a6a0277cb8e4f6e9d1465c1e
SHA512

a8dabb001fad1ce039f4eeaab98728098c2a2933a4994e3779e26a4f583a7d837f322c50bb113c643f79ad8b912198665615405859486a21e6a18d6ab611a875
SSDEEP

24576:lKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKO:JjLuSh3i+FtvkMzT+3HfOGlk2Ph0fhev

Score

10^/10

pandastealer

Malware Config

Signatures

Panda Stealer payload 1 IoCs

resource	yara_rule
sample	family_pandastealer

Pandastealer family
pandastealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-04-15_7c6e22f14877f1a6a33d6a0c0eccb94f_amadey_elex_smoke-loader

Files

2025-04-15_7c6e22f14877f1a6a33d6a0c0eccb94f_amadey_elex_smoke-loader
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\sd\Documents\SharpDevelop Projects\VirusMSILNominatusStorm\VirusMSILNominatusStorm\obj\Debug\VirusMSILNominatusStorm.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ