General
-
Target
pandabanker_2.5.6.vir
-
Size
333KB
-
Sample
200719-5wq47jckce
-
MD5
5f4ddfe85a833c8b94fab8ab4c9e8fcd
-
SHA1
f47b802940ffb8a23b5fa51da2868ecbeabf4dad
-
SHA256
ae96dbb67a548c38a292255130c47b99ec028e6afa228d62980a03ba9d7f03b0
-
SHA512
70f4babdf85b964d088c9142a0bec51cc6ec6d275597c7bef3133354d338dcc9922555fa560443a9e6d6c07cf20bb1634f5370ec4d1b9b12b7e487bfa0d0e0e1
Static task
static1
Behavioral task
behavioral1
Sample
pandabanker_2.5.6.vir.exe
Resource
win7
Behavioral task
behavioral2
Sample
pandabanker_2.5.6.vir.exe
Resource
win10
Malware Config
Targets
-
Target
pandabanker_2.5.6.vir
-
Score
8/10
-
Executes dropped EXE
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-