db09e6f69ea651370d796ee2fd4a78d9a11cd82faea3f8d5ef007c04065b1e25 | Triage

Sharing

General

Target

pandabanker_2.5.7.vir
Size

172KB
Sample

200719-l6t8kszp6e
MD5

49513443ccc5845927cd66204f5f4e11
SHA1

8575b9c2c4c531d4f16d0671fcb7df424241e188
SHA256

db09e6f69ea651370d796ee2fd4a78d9a11cd82faea3f8d5ef007c04065b1e25
SHA512

e389f720fdbcc98ce514b63172d2373450eecf07c697a9445c20eeb6704e30d0639dcf1a79b9122396de022d7f9f81ff9dbcae1af842dbddb271833c310ccf68

Score

8^/10

evasion persistence spyware

Malware Config

Targets

- Target
  
  pandabanker_2.5.7.vir
- Size
  
  172KB
- MD5
  
  49513443ccc5845927cd66204f5f4e11
- SHA1
  
  8575b9c2c4c531d4f16d0671fcb7df424241e188
- SHA256
  
  db09e6f69ea651370d796ee2fd4a78d9a11cd82faea3f8d5ef007c04065b1e25
- SHA512
  
  e389f720fdbcc98ce514b63172d2373450eecf07c697a9445c20eeb6704e30d0639dcf1a79b9122396de022d7f9f81ff9dbcae1af842dbddb271833c310ccf68
Score

8^/10

evasion spyware persistence
- Executes dropped EXE
- Deletes itself
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionspywarepersistence

behavioral2

evasionspywarepersistence