f7bcc93d67f3de8a08b9b263f62e5107baa6eb746cfbb41cff2b76646e186829 | Triage

Sharing

General

Target

pandabanker_2.5.2.vir
Size

336KB
Sample

200719-yyw3va2p12
MD5

2d3f3577cb6cbe630185a4de29bf4d0e
SHA1

da1e0fd15d555adc3f94425f4fd90ad3dc09f0bc
SHA256

f7bcc93d67f3de8a08b9b263f62e5107baa6eb746cfbb41cff2b76646e186829
SHA512

0302ab0cb6d0a69a10c78a21520e78ce2b058fbad50d7c71b7f8ae68eb23c96ea648c2c9b7ad8226fb030ecfee7703fc613818f701d00c2ccc6050bef62f56c2

Score

8^/10

evasion spyware

Malware Config

Targets

- Target
  
  pandabanker_2.5.2.vir
- Size
  
  336KB
- MD5
  
  2d3f3577cb6cbe630185a4de29bf4d0e
- SHA1
  
  da1e0fd15d555adc3f94425f4fd90ad3dc09f0bc
- SHA256
  
  f7bcc93d67f3de8a08b9b263f62e5107baa6eb746cfbb41cff2b76646e186829
- SHA512
  
  0302ab0cb6d0a69a10c78a21520e78ce2b058fbad50d7c71b7f8ae68eb23c96ea648c2c9b7ad8226fb030ecfee7703fc613818f701d00c2ccc6050bef62f56c2
Score

8^/10

evasion spyware
- Executes dropped EXE
- Deletes itself
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2