94c1b963cc2b06ec91490e557ded99ecfc04d336eea26fdb2f4253a0cfa3ed81 | Triage

Sharing

General

Target

pandabanker_2.6.2.vir
Size

92KB
Sample

200719-2rt8agpbd6
MD5

35759acd799f951b8beef86311bd9b77
SHA1

835e0b085afe038d013b2bd1675a1dd6b89c9949
SHA256

94c1b963cc2b06ec91490e557ded99ecfc04d336eea26fdb2f4253a0cfa3ed81
SHA512

f06c2e33e947b3a24e368b30b9f129007c247b6b08ffe324fb3a34a004e9fa9c9edb426a4cbbd423a76a1eeba054d062d0a8eae87752416987d165bbc6511fa6

Score

8^/10

evasion persistence spyware

Malware Config

Targets

- Target
  
  pandabanker_2.6.2.vir
- Size
  
  92KB
- MD5
  
  35759acd799f951b8beef86311bd9b77
- SHA1
  
  835e0b085afe038d013b2bd1675a1dd6b89c9949
- SHA256
  
  94c1b963cc2b06ec91490e557ded99ecfc04d336eea26fdb2f4253a0cfa3ed81
- SHA512
  
  f06c2e33e947b3a24e368b30b9f129007c247b6b08ffe324fb3a34a004e9fa9c9edb426a4cbbd423a76a1eeba054d062d0a8eae87752416987d165bbc6511fa6
Score

8^/10

evasion spyware persistence
- Executes dropped EXE
- Deletes itself
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionspywarepersistence

behavioral2

spywarepersistenceevasion