General
-
Target
pandabanker_2.2.11.vir
-
Size
378KB
-
Sample
200719-n6rd6ddems
-
MD5
41d9df6b1a7e6fe50f8b3b94186ad9be
-
SHA1
da1dd6c5cfabd88c587235d2908b63cd53974577
-
SHA256
10b85536fedabb3c8ca3bed5822f368ed64a09bb06b4f595ac4dc18aeb565426
-
SHA512
dccb522e7d609c508b147fb2cf353c123766e3a04d9dfbf97f9d7f368bc58d5aa69ad38d7d0a86719c0a9210ad904f84f81920b5297589ecbdec74c8c359c3c1
Malware Config
Targets
-
-
Target
pandabanker_2.2.11.vir
-
Size
378KB
-
MD5
41d9df6b1a7e6fe50f8b3b94186ad9be
-
SHA1
da1dd6c5cfabd88c587235d2908b63cd53974577
-
SHA256
10b85536fedabb3c8ca3bed5822f368ed64a09bb06b4f595ac4dc18aeb565426
-
SHA512
dccb522e7d609c508b147fb2cf353c123766e3a04d9dfbf97f9d7f368bc58d5aa69ad38d7d0a86719c0a9210ad904f84f81920b5297589ecbdec74c8c359c3c1
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Executes dropped EXE
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-