ae96dbb67a548c38a292255130c47b99ec028e6afa228d62980a03ba9d7f03b0 | Triage

Sharing

General

Target

pandabanker_2.5.6.vir
Size

333KB
Sample

200719-5wq47jckce
MD5

5f4ddfe85a833c8b94fab8ab4c9e8fcd
SHA1

f47b802940ffb8a23b5fa51da2868ecbeabf4dad
SHA256

ae96dbb67a548c38a292255130c47b99ec028e6afa228d62980a03ba9d7f03b0
SHA512

70f4babdf85b964d088c9142a0bec51cc6ec6d275597c7bef3133354d338dcc9922555fa560443a9e6d6c07cf20bb1634f5370ec4d1b9b12b7e487bfa0d0e0e1

Score

8^/10

evasion persistence spyware

Malware Config

Targets

- Target
  
  pandabanker_2.5.6.vir
- Size
  
  333KB
- MD5
  
  5f4ddfe85a833c8b94fab8ab4c9e8fcd
- SHA1
  
  f47b802940ffb8a23b5fa51da2868ecbeabf4dad
- SHA256
  
  ae96dbb67a548c38a292255130c47b99ec028e6afa228d62980a03ba9d7f03b0
- SHA512
  
  70f4babdf85b964d088c9142a0bec51cc6ec6d275597c7bef3133354d338dcc9922555fa560443a9e6d6c07cf20bb1634f5370ec4d1b9b12b7e487bfa0d0e0e1
Score

8^/10

evasion spyware persistence
- Executes dropped EXE
- Deletes itself
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionspywarepersistence

behavioral2

evasionspywarepersistence