MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e1684d4513c0c3ad9d15fb28b65edbb505977729bc60c61dd7f69c484bc08a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: 1e1684d4513c0c3ad9d15fb28b65edbb505977729bc60c61dd7f69c484bc08a2
SHA3-384 hash: 02673dbf2d9ca9c3405b12eb3308e23323d427feb65391afe9c8e4bf00c2059d9fd484bebb3f0036e58026ce68745143
SHA1 hash: 3bd22c45350794e482a021e0d031769fbbbcc53c
MD5 hash: 1a691f702e35fb79d95eb4f18a8b3cfb
humanhash: alaska-high-eighteen-nitrogen
File name:pandabanker_2.2.6.vir
Download: download sample
Signature PandaZeuS
File size:301'338 bytes
First seen:2020-07-19 19:43:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e160ef8e55bb9d162da4e266afd9eef3
ssdeep 6144:m8dNXSE5Qou91juP25hJ9pi1Sy9OOHFGtEP/VAqmzZh+rxwiGnVj+eBJnklv:l5Qoi1jm25Ilg8NFwiSBfnklv
TLSH F25412133FD481FFC3A618B266B9C3B5C7B68D4242361A278752AF7D7F1819E4721928
Reporter @tildedennis
Tags:pandabanker


Twitter
@tildedennis
pandabanker version 2.2.6

Intelligence


File Origin
# of uploads :
1
# of downloads :
34
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Detection:
ZeusPanda
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
100 / 100
Behaviour
Behavior Graph:
behaviorgraph top1 signatures2 2 Behavior Graph ID: 247467 Sample: pandabanker_2.2.6.vir Startdate: 20/07/2020 Architecture: WINDOWS Score: 100 36 Malicious sample detected (through community Yara rule) 2->36 38 Antivirus detection for dropped file 2->38 40 Antivirus / Scanner detection for submitted sample 2->40 42 5 other signatures 2->42 8 pandabanker_2.2.6.exe 22 2->8         started        process3 file4 26 C:\Users\user\AppData\Local\...\System.dll, PE32 8->26 dropped 44 Detected unpacking (changes PE section rights) 8->44 46 Detected unpacking (overwrites its own PE header) 8->46 48 Contains functionality to inject code into remote processes 8->48 12 pandabanker_2.2.6.exe 4 8->12         started        signatures5 process6 file7 28 C:\Users\user\AppData\...\profiles.exe, PE32 12->28 dropped 50 Drops executable to a common third party application directory 12->50 52 Tries to detect sandboxes / dynamic malware analysis system (registry check) 12->52 54 Tries to detect sandboxes / dynamic malware analysis system (mutex check) 12->54 56 Tries to detect sandboxes / dynamic malware analysis system (tool check) 12->56 16 profiles.exe 15 12->16         started        signatures8 process9 file10 22 C:\Users\user\AppData\Roaming22sRandom.dll, PE32 16->22 dropped 24 C:\Users\user\AppData\Local\...\System.dll, PE32 16->24 dropped 30 Antivirus detection for dropped file 16->30 32 Multi AV Scanner detection for dropped file 16->32 34 Machine Learning detection for dropped file 16->34 20 profiles.exe 16->20         started        signatures11 process12
Threat name:
Win32.Trojan.Injector
Status:
Malicious
First seen:
2016-09-03 02:57:00 UTC
AV detection:
26 of 31 (83.87%)
Threat level
  2/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Behaviour
NSIS installer
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments