General

  • Target

    pandabanker_2.3.4.vir

  • Size

    117KB

  • Sample

    200719-g1a9lhwv42

  • MD5

    44cce753411d9a5dc8dc32c48d6c597e

  • SHA1

    96b8148154cc5806f655760d59e5de1064963b6e

  • SHA256

    8337b387ec3cafdaa01347f123383682a8bb1e6965a922258fd656a36ebe919d

  • SHA512

    3861fd576f0ff3c58b4c4bff188957ba6ec8f2a0fdbcd7e8cce2ac64dc0f1980c7afaf33b3629daeba6cbaa6df2796b3b4755a4a8f876727c2e93f58cc833720

Score
9/10

Malware Config

Targets

    • Target

      pandabanker_2.3.4.vir

    • Size

      117KB

    • MD5

      44cce753411d9a5dc8dc32c48d6c597e

    • SHA1

      96b8148154cc5806f655760d59e5de1064963b6e

    • SHA256

      8337b387ec3cafdaa01347f123383682a8bb1e6965a922258fd656a36ebe919d

    • SHA512

      3861fd576f0ff3c58b4c4bff188957ba6ec8f2a0fdbcd7e8cce2ac64dc0f1980c7afaf33b3629daeba6cbaa6df2796b3b4755a4a8f876727c2e93f58cc833720

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Executes dropped EXE

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Virtualization/Sandbox Evasion

4
T1497

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

5
T1012

Virtualization/Sandbox Evasion

4
T1497

System Information Discovery

1
T1082

Collection

Data from Local System

1
T1005

Tasks