General
Target: pandabanker_2.3.4.vir
Size: 117KB
Sample: 200719-g1a9lhwv42
MD5: 44cce753411d9a5dc8dc32c48d6c597e
SHA1: 96b8148154cc5806f655760d59e5de1064963b6e
SHA256: 8337b387ec3cafdaa01347f123383682a8bb1e6965a922258fd656a36ebe919d
SHA512: 3861fd576f0ff3c58b4c4bff188957ba6ec8f2a0fdbcd7e8cce2ac64dc0f1980c7afaf33b3629daeba6cbaa6df2796b3b4755a4a8f876727c2e93f58cc833720

Static task: static1

Behavioral task: behavioral1
Sample: pandabanker_2.3.4.vir.exe
Resource: win7
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Executes dropped EXE
- Looks for VMware Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.