General
-
Target
a58ba0338bc617fdc6e60f0a0c5ef655
-
Size
1.4MB
-
Sample
240226-f4ygvsdh94
-
MD5
a58ba0338bc617fdc6e60f0a0c5ef655
-
SHA1
9fab93502863d7e5e39778cdd613f258081638c3
-
SHA256
e0cc6ae1f2a402c12678c97f63f6e97cad35090ccca5c1a280a3beef0b716e88
-
SHA512
ee507c9b632c71e49c18c95b10d290dda456a0422fd1659fc41e6d2c58a5b82f1428f7d4d4190d961e81cc30b42e1444a17b52392a95f3c451bdc2b2eec8deff
-
SSDEEP
24576:qlc5i8jgFm3YKQbc4ib20TsTUyLo4H/hach1H2bF89lAZuBk4WIWV:qlc5wKMcjabE4THRlAmWIW
Malware Config
Extracted
pandastealer
1.11
http://f0570666.xsph.ru
Targets
-
-
Target
a58ba0338bc617fdc6e60f0a0c5ef655
-
Size
1.4MB
-
MD5
a58ba0338bc617fdc6e60f0a0c5ef655
-
SHA1
9fab93502863d7e5e39778cdd613f258081638c3
-
SHA256
e0cc6ae1f2a402c12678c97f63f6e97cad35090ccca5c1a280a3beef0b716e88
-
SHA512
ee507c9b632c71e49c18c95b10d290dda456a0422fd1659fc41e6d2c58a5b82f1428f7d4d4190d961e81cc30b42e1444a17b52392a95f3c451bdc2b2eec8deff
-
SSDEEP
24576:qlc5i8jgFm3YKQbc4ib20TsTUyLo4H/hach1H2bF89lAZuBk4WIWV:qlc5wKMcjabE4THRlAmWIW
Score10/10-
Panda Stealer payload
-
PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-