General
Target: pandabanker_2.4.3.vir
Size: 119KB
Sample: 200719-hbklxwb1we
MD5: e993fa29a325d96c4f36853cf48e3b0f
SHA1: f99a3dadb94ef6aa592657860c131c3efaf57a39
SHA256: 634aea27e31c58f7e07510965e6d7350a8cf7e18c5cd5099edcf0586f1990ab9
SHA512: 1837458475a4682f6b504fa282a7543e011ab992f55a521635f85577d2453a7192821e6f96d42c5d1df4a37369ee4912acce003f626cb7a82ca8cecdb4db0cfc
Static task: static1
Behavioral task: behavioral1
Sample: pandabanker_2.4.3.vir.exe
Resource: win7
Malware Config
Targets
Target: pandabanker_2.4.3.vir
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Executes dropped EXE
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.