MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d28bf33f99d286092870f3504f54bc0cb81a0f733275d0b689d6bdb9aeb758a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 0d28bf33f99d286092870f3504f54bc0cb81a0f733275d0b689d6bdb9aeb758a
SHA3-384 hash: f1480692b169e31c1e98974c501106ad58d79942e8a25b397beea4f73072c8fa52792aac66e5ba31639dbafca4307569
SHA1 hash: 8bcfaa5661fe60feba9d3f3cfbd93722559c089e
MD5 hash: 4c1fc16ab79ee26d77c6f55086d9c426
humanhash: maryland-golf-hotel-snake
File name: pandabanker_2.4.1.vir
Signature: PandaZeuS
File size: 246'784 bytes
First seen: 2020-07-19 19:41:29 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 33e30f41aee13736cc310230f37c9869
ssdeep: 6144:Sh5CTyk8qN+LKclbYyqaCfwrrrrrgrr6reRZ19jilr1rrrUrrrurrrrkrtrr6rrn:a5CWkV+LKEkyY
TLSH: F734AE33016283BEE2512B7EE8350F904D97FDE0994086474CADFDCA677EE624369B52
Reporter: @tildedennis
Tags: pandabanker PandaZeuS


Twitter (@tildedennis): pandabanker version 2.4.1

Intelligence


File Origin
# of uploads: 1
# of downloads: 27
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence
Detection: ZeusPanda
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name: Win32.Trojan.Emotet
Status: Malicious
First seen: 2017-06-11 16:33:00 UTC
AV detection: 29 of 31 (93.55%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: evasion spyware persistence
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Checks BIOS information in registry
Reads user/profile data of web browsers
Identifies Wine through registry keys
Loads dropped DLL
Looks for VMWare Tools registry key
Executes dropped EXE
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Looks for VirtualBox Guest Additions in registry
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.