pandastealer | 8a644dfd2abc6310fc90f7e6908c373190a956544a4fd15de05fc5974704e7d5 | Triage

Submit
Reports

Overview

overview

Static

static

7

03f7e21506...18.exe

windows7-x64

03f7e21506...18.exe

windows10-2004-x64

Sharing

General

Target

03f7e21506f089d657a6c04c55902976_JaffaCakes118
Size

5.7MB
Sample

240622-1mblzsvhkg
MD5

03f7e21506f089d657a6c04c55902976
SHA1

dda208c6619d4e43107666bc6f8a5f84b6cb768a
SHA256

8a644dfd2abc6310fc90f7e6908c373190a956544a4fd15de05fc5974704e7d5
SHA512

edd93821c820d545610fd1fe5703bbbc4b908b18f2d6020d4e12926207928c4fc99c69c7ec797a745f7bcabff31c2d7b9df1cc50627d5f4fa2a28f9c7f2c82de
SSDEEP

98304:qMbTbHYM2WwqOJ4V9PTs8yuCtJ9IL6VkS8nNSlR/W/2l/zAbPppEiPu3mz7:l/HYVtqOJqTsVvXILUkS8NSlR+KsnExw

Score

10^/10

pandastealer shurk infostealer spyware stealer vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

03f7e21506f089d657a6c04c55902976_JaffaCakes118.exe

Resource

win7-20240611-en

pandastealer shurk infostealer spyware stealer vmprotect

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

03f7e21506f089d657a6c04c55902976_JaffaCakes118.exe

Resource

win10v2004-20240611-en

pandastealer shurk infostealer spyware stealer vmprotect

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  03f7e21506f089d657a6c04c55902976_JaffaCakes118
- Size
  
  5.7MB
- MD5
  
  03f7e21506f089d657a6c04c55902976
- SHA1
  
  dda208c6619d4e43107666bc6f8a5f84b6cb768a
- SHA256
  
  8a644dfd2abc6310fc90f7e6908c373190a956544a4fd15de05fc5974704e7d5
- SHA512
  
  edd93821c820d545610fd1fe5703bbbc4b908b18f2d6020d4e12926207928c4fc99c69c7ec797a745f7bcabff31c2d7b9df1cc50627d5f4fa2a28f9c7f2c82de
- SSDEEP
  
  98304:qMbTbHYM2WwqOJ4V9PTs8yuCtJ9IL6VkS8nNSlR/W/2l/zAbPppEiPu3mz7:l/HYVtqOJqTsVvXILUkS8NSlR+KsnExw
Score

10^/10

pandastealer shurk infostealer spyware stealer vmprotect
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Shurk
  Shurk is an infostealer, written in C++ which appeared in 2021.
  infostealer shurk
- Shurk Stealer payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

pandastealershurkinfostealerspywarestealervmprotect

behavioral2

pandastealershurkinfostealerspywarestealervmprotect

© 2018-2024

Terms | Privacy