General
-
Target
pandabanker_2.2.9.vir
-
Size
191KB
-
Sample
200719-9q58pb28ya
-
MD5
e427c35ccfbf9ef9fdc03725a06216a4
-
SHA1
6150de4c92beb6a8f07b46d6bae1a227db3f7284
-
SHA256
7fed42ce016ec6ac5ea6ee1468b1f96afa55955f955471b89bb57c903f0e8fdb
-
SHA512
b05ea0c662b686421cf02efd0c0246c52f145107f84b6bb6972f312a56e1a7989c2873c2fb72f728ae1020b66d226f9844a5a092159cd2f4409ec85b5a443bab
Malware Config
Targets
-
-
Target
pandabanker_2.2.9.vir
-
Size
191KB
-
MD5
e427c35ccfbf9ef9fdc03725a06216a4
-
SHA1
6150de4c92beb6a8f07b46d6bae1a227db3f7284
-
SHA256
7fed42ce016ec6ac5ea6ee1468b1f96afa55955f955471b89bb57c903f0e8fdb
-
SHA512
b05ea0c662b686421cf02efd0c0246c52f145107f84b6bb6972f312a56e1a7989c2873c2fb72f728ae1020b66d226f9844a5a092159cd2f4409ec85b5a443bab
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Executes dropped EXE
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-