General
-
Target
pandabanker_2.6.6.vir
-
Size
419KB
-
Sample
200719-bqxwwdgka2
-
MD5
a77ad824e5058d6504a791d0289ffc3d
-
SHA1
a51b66e9d2f3b813ce053a43e5be82d809e29125
-
SHA256
8db8f6266f6ad9546b2b5386a835baa0cbf5ea5f699f2eb6285ddf401b76ccb7
-
SHA512
66dd9192144fed1493927580d0d94fd6f90a752500a5fd49dc4a808b7782e9bb8014e2df0fbca33851976c46b92b0a43461ecfe5788687e5e99d6fb03329013b
Malware Config
Targets
-
-
Target
pandabanker_2.6.6.vir
-
Size
419KB
-
MD5
a77ad824e5058d6504a791d0289ffc3d
-
SHA1
a51b66e9d2f3b813ce053a43e5be82d809e29125
-
SHA256
8db8f6266f6ad9546b2b5386a835baa0cbf5ea5f699f2eb6285ddf401b76ccb7
-
SHA512
66dd9192144fed1493927580d0d94fd6f90a752500a5fd49dc4a808b7782e9bb8014e2df0fbca33851976c46b92b0a43461ecfe5788687e5e99d6fb03329013b
Score8/10-
Executes dropped EXE
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-