General

  • Target

    pandabanker_2.2.2.vir

  • Size

    330KB

  • Sample

    200719-a4sza7ddza

  • MD5

    89a27b8f3355933e99bb47083aba9744

  • SHA1

    44be1e76b73faa435d43f387940f15c63cc636a1

  • SHA256

    a6214596a7509e1456c46502e83032adf2ca9480a0fe29403dee24094e04df67

  • SHA512

    f28a7e60047298f0281c130f1c90b766495767300f221ad67e27cb7f0d1f694c0d36e9ea074e672564e91c8707baeb51e53f980c456accc14f9c455fcd27f9f1

Score
9/10

Malware Config

Targets

    • Target

      pandabanker_2.2.2.vir

    • Size

      330KB

    • MD5

      89a27b8f3355933e99bb47083aba9744

    • SHA1

      44be1e76b73faa435d43f387940f15c63cc636a1

    • SHA256

      a6214596a7509e1456c46502e83032adf2ca9480a0fe29403dee24094e04df67

    • SHA512

      f28a7e60047298f0281c130f1c90b766495767300f221ad67e27cb7f0d1f694c0d36e9ea074e672564e91c8707baeb51e53f980c456accc14f9c455fcd27f9f1

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Executes dropped EXE

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Virtualization/Sandbox Evasion

4
T1497

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

5
T1012

Virtualization/Sandbox Evasion

4
T1497

System Information Discovery

1
T1082

Collection

Data from Local System

1
T1005

Tasks