MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 335c0e4430a08956f796611b3ebf273117e784ee1d728d7b8fcb9997c98735cc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash: 335c0e4430a08956f796611b3ebf273117e784ee1d728d7b8fcb9997c98735cc
SHA3-384 hash: 58f63a880d07790e9bb92956a4b136e6a266232ce59f43bda740a33a30f750ad218d90285abac3199c06c5e54b5ef0b8
SHA1 hash: 854b027105285490e7e08f1a1280675ec14ce1e5
MD5 hash: f1f81e6751825b70ee2d8a90ae4119ce
humanhash: jig-mirror-alaska-yellow
File name: pandabanker_2.5.0.vir
Signature: PandaZeuS
File size: 403'456 bytes
First seen: 2020-07-19 19:30:42 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 58da9ee9c164d19d8fcbacb71f6d2faa
ssdeep: 6144:YN2B6bgQ6Oicc1E8dEsy9EjnR2G8+C68m8Lt0MFi7eb7pncWSq6:YorOicc1E8ml9EjnZncm8a+PNcY6
TLSH: 1784CF1178D4C037F27A027C44B5D7F1A7BE79760B65C2EB3B99A23D1E681C29720B4A
Reporter: @tildedennis
Tags: pandabanker PandaZeuS


Twitter
@tildedennis: pandabanker version 2.5.0

Intelligence

File Origin
# of uploads: 1
# of downloads: 26
Origin country: FR

Mail intelligence
No data
Vendor Threat Intelligence

Detection: ZeusPanda
Verdict: Malware
Maliciousness:
Behaviour:
- Creating a window
- Unauthorized injection to a recently created process
- Connection attempt to an infection source

Threat name: Win32.Trojan.Upatre
Status: Malicious
First seen: 2017-09-01 01:02:00 UTC
AV detection: 21 of 28 (75.00%)
Threat level: 5/5

Malware family: n/a
Score: 8/10
Tags: evasion spyware
Behaviour:
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Identifies Wine through registry keys
- Deletes itself
- Reads user/profile data of web browsers
- Loads dropped DLL
- Executes dropped EXE

Threat name: Unknown
Score: 1.00

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Comments