3de467124b098019e59fbdbcd3815db8001f6479e17da506d0c10c0f83dcde7f | Triage

Sharing

General

Target

pandabanker_2.6.0.vir
Size

102KB
Sample

200719-pn6bkpexxj
MD5

350095ed814f7a603dce0265734cc3f3
SHA1

4157f3325e6061fcb1ba9e62318962f3d683d591
SHA256

3de467124b098019e59fbdbcd3815db8001f6479e17da506d0c10c0f83dcde7f
SHA512

96ca7f5b2b81158666375a3a1d4e55bf8469c14d071b79c2787d1f6cb3701f7c7ce13982dfdae994e4015f3a1de3b2aac817cc5301a98e742cd1cd274b2c511c

Score

8^/10

evasion persistence spyware

Malware Config

Targets

- Target
  
  pandabanker_2.6.0.vir
- Size
  
  102KB
- MD5
  
  350095ed814f7a603dce0265734cc3f3
- SHA1
  
  4157f3325e6061fcb1ba9e62318962f3d683d591
- SHA256
  
  3de467124b098019e59fbdbcd3815db8001f6479e17da506d0c10c0f83dcde7f
- SHA512
  
  96ca7f5b2b81158666375a3a1d4e55bf8469c14d071b79c2787d1f6cb3701f7c7ce13982dfdae994e4015f3a1de3b2aac817cc5301a98e742cd1cd274b2c511c
Score

8^/10

evasion spyware persistence
- Executes dropped EXE
- Deletes itself
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionspywarepersistence

behavioral2

evasionspywarepersistence