General
Target: pandabanker_2.3.3.vir
Size: 356KB
Sample: 200719-51vyvzwx1a
MD5: 9d9f70a971c3c0c1e445514febb7d694
SHA1: 7ed971c33f7d7bf7f5ed421bf95b8d0b1b570296
SHA256: 3bbfbe3de9cb174f9d7c579f5e404482778924df85eb4b9daa03a274fc91eb91
SHA512: 18bba8cd66823d28501766e226090e7b6fa9b1b963579e187842114f7b36c96b0645082e1d5f6e380a9669651132450cccfcfb4b8aaa112ae42285b324998d80
Static task: static1
Behavioral task: behavioral1
Sample: pandabanker_2.3.3.vir.exe
Resource: win7
Malware Config
Targets
Target: pandabanker_2.3.3.vir
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Executes dropped EXE
- Looks for VMware Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.