[QuickNote] Analysis of Pandora ransomware
Tags
attack-pattern: Data Indirect Malware - T1587.001 Malware - T1588.001 Software - T1592.002 Tool - T1588.002 Third-Party Software - T1072
Show in Graph
Common Information
Type Value
UUID 78aec783-03fc-4ffc-9759-49a1898c99f3
Fingerprint 1a6bbab26eeda68b
Analysis status DONE
Considered CTI value 0
Text language
Published March 21, 2022, 1:15 p.m.
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline 0day in {REA_TEAM}
Title [QuickNote] Analysis of Pandora ransomware
Detected Hints/Tags/Attributes 53/1/33
Source URLs
Redirection Url
Details Source https://kienmanowar.wordpress.com/2022/03/21/quicknote-analysis-of-pandora-ransomware/
URL Provider
Details Provider Source level domain
Details wordpress.com kienmanowar.wordpress.com
Attributes
Details Type #Events CTI Value
Details Domain 14 
chuongdong.com
Details Domain 1 
vbfqeh5nugm6r2u2qvghsdxm3fotf5wbxb5ltv6vw77vus5frdpuaiid.onion
Details Domain 59 
torproject.org
Details Domain 2 
pandoraxyz.xyz
Details Email 2 
contact@pandoraxyz.xyz
Details File 39 
amsi.dll
Details File 2125 
cmd.exe
Details File 345 
vssadmin.exe
Details File 1 
estore_my_files.txt
Details File 23 
'.exe
Details File 10 
'.dll
Details File 2 
'.ini
Details File 1 
'.cab
Details File 1 
'.drv
Details File 2 
'.ico
Details File 1 
'.idx
Details File 2 
'.sys
Details File 351 
recycle.bin
Details File 2 
'autorun.inf
Details File 1 
'boot.ini
Details File 1 
'bootfont.bin
Details File 1 
'bootsect.bak
Details File 2 
'desktop.ini
Details File 1 
'iconcache.db
Details File 3 
'ntuser.dat
Details File 2 
'ntuser.dat.log
Details File 1 
'ntuser.ini
Details File 2 
'thumbs.db
Details md5 4 
0c4a84b66832a08dccc42b478d9d5e1b
Details md5 1 
1497ac198a13de8c4e6d1a1e73eaa50f
Details Url 6 
https://chuongdong.com/reverse
Details Url 1 
http://vbfqeh5nugm6r2u2qvghsdxm3fotf5wbxb5ltv6vw77vus5frdpuaiid.onion
Details Url 27 
https://torproject.org