General
-
Target
pandabanker_2.5.7.vir
-
Size
172KB
-
Sample
200719-l6t8kszp6e
-
MD5
49513443ccc5845927cd66204f5f4e11
-
SHA1
8575b9c2c4c531d4f16d0671fcb7df424241e188
-
SHA256
db09e6f69ea651370d796ee2fd4a78d9a11cd82faea3f8d5ef007c04065b1e25
-
SHA512
e389f720fdbcc98ce514b63172d2373450eecf07c697a9445c20eeb6704e30d0639dcf1a79b9122396de022d7f9f81ff9dbcae1af842dbddb271833c310ccf68
Static task
static1
Behavioral task
behavioral1
Sample
pandabanker_2.5.7.vir.exe
Resource
win7
Behavioral task
behavioral2
Sample
pandabanker_2.5.7.vir.exe
Resource
win10v200430
Malware Config
Targets
Target
pandabanker_2.5.7.vir
Score
8/10
-
Executes dropped EXE
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials.
-
Adds Run key to start application
-