General
Target: pandabanker_2.6.9.vir
Size: 210KB
Sample: 200719-y1bm9mjbha
MD5: 1ff6aa04bc4971019ecd9220847a8986
SHA1: 9bf32b9710a1fc088d831c0d88c6c02579ffbffa
SHA256: 3d95e6885d4a0a66dad5d37750fa84a4d4f1f9db2ccc741997d22d89af92cbfb
SHA512: 161d92bc46abe4b94d2eb1c394e2ee1530d9af7936fbbae3580f4870b8ac08db522fcf300b502350ff4dcad976e9e32c296a7c9be71964e8dfa06164bbd0a358
Static task: static1
Behavioral task: behavioral1
Sample: pandabanker_2.6.9.vir.exe
Resource: win7
Behavioral task: behavioral2
Sample: pandabanker_2.6.9.vir.exe
Resource: win10
Malware Config
Targets
Target: pandabanker_2.6.9.vir
Score: 8/10
Executes dropped EXE

Deletes itself

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Loads dropped DLL

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Adds Run key to start application