Rewterz Threat Alert – Panda Stealer Malware – Active IOCs

Severity

High

Analysis Summary

Panda stealer is a malicious program, a new variant of CollectorStealer, designed to collect and exfiltrate sensitive and personal data from infected computers. It primarily targets cryptocurrency to steal Bytecoin, Dash, Litecoin, and other crypto wallets. Panda can steal log-in credentials from VPN software (NordVPN), messaging platforms, and digital distribution services for video games. It can also take screenshots of the infected machine and steal information from browsers such as cookies, passwords, and credit cards. It places files in the %Temp% folder, which keeps stolen data under randomized file names before sending it to a command-and-control (C&C) server.

Spam campaigns have been used to propagate Panda stealer. It is also known to propagate through malicious Microsoft Office Excel files.

Impact

• Credential Theft
• Unauthorized Access

Indicators of Compromise

MD5

• b6d03b0ec3c9d7ffb57a45b36924612a
• dde995cfb07cbb9bc3f054783cb35461
• a25f82f79bbeb8abcf52c7912ebbe2ea

SHA-256

• 47e8958d7ae26467cb5b9e1d6e0b206139d18f5a7ccfb834286be5aa76c8a3ee
• 513b839cea18adfe5cc8f6307dbf2519ab07c6cca7c46508b778150acb88829a
• 6bd34841d476beec52a2d0747a4ed50195d82ea77df6d2bcf42041911f945ec6

SHA-1

• 6b9d534a757642b733bdd85f33160a9bdcd96ea2
• 62c8098fd796dbbb1ae38d4e8eaec2bacae64bea
• 939e1b0017a15e77bc7a218a70528b368d8c5212

Remediation

• Block all threat indicators at your respective controls.
• Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
• Patch and upgrade any platforms and software timely and make it into a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
•  Along with network and system hardening, code hardening should be implemented within the organization so that their websites and software are secure. Use testing tools to detect any vulnerabilities in the deployed codes.
• Enable two-factor authentication.