General
Target: pandabanker_2.2.12.vir
Size: 323KB
Sample: 200719-pzkfyzpfan
MD5: 14986293dae2f70ce025cad0f8ef6667
SHA1: 785c48b0ad930dbad78d3f976427958ec68a34cb
SHA256: 2e6634f1f1abdd8cc2d651d060631598caf6374fee5bc3cd8b246e3090e4c4fa
SHA512: 987b094f403360413e70f6f12893d081f6df3c47e9eb9d58c2112ba69c8c2062f8956cec870e0615e15f1e17ef6d58561a44eef4dd8cafdde5823662fb585bfc
Static task: static1
Behavioral task: behavioral1
Sample: pandabanker_2.2.12.vir.exe
Resource: win7
Malware Config
Targets
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Executes dropped EXE
-
Looks for VMware Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-