MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5782c7ade207fd4415c35bd1e98bad7c3fcaef206fa60f142b8d1062e7103670. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PandaZeuS

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	5782c7ade207fd4415c35bd1e98bad7c3fcaef206fa60f142b8d1062e7103670
SHA3-384 hash:	3f46efeed314b9c1c0a6e72e3d9b189c9e08cb89cb5187be71586e15f1b56bf55f58a89fde2dff4c03d230a02c69cbc6
SHA1 hash:	4e6169ef0a6dfc2c8253540362f93fedd06774c6
MD5 hash:	5c47e3ed6dea436b0f99141bb5799fa9
humanhash:	twenty-violet-uranus-ink
File name:	pandabanker_2.6.5.vir
Download:	download sample
Signature	PandaZeuS Create hunting rule
File size:	193'536 bytes
First seen:	2020-07-19 19:47:08 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	5343944773d45e10e0a85e9f2149ad24 (1 x PandaZeuS)
ssdeep	3072:wylW0Mr8aUdNC9X6/UNYowuGdfbBEo2ySi3IEfzhJ2PpfTtq3Z1XXZE7dMlu:wRrkdk9X6/UCJfbBuySNwhJ2f4ZBpE7G
Threatray	215 similar samples on MalwareBazaar
TLSH	0114BE3767A44FCCEEF68E790931C2BD11DAB9544A40861A15F9AC1BBD221493FECCD8
Reporter	tildedennis
Tags:	pandabanker PandaZeuS

tildedennis

pandabanker version 2.6.5

Intelligence

File Origin

# of uploads :

1

# of downloads :

1'911

Origin country :

n/a

Vendor Threat Intelligence

Detection:

ZeusPanda

Link:

https://www.capesandbox.com/analysis/28385/

Detection(s):

SecuriteInfo.com.Trojan.PWS.Panda.13315.7650.1096.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Sending an HTTP GET request

Creating a file in the %temp% subdirectories

Reading critical registry keys

Creating a file

Deleting a recently created file

Reading Telegram data

Running batch commands

Creating a process with a hidden window

Launching a process

Sending a TCP request to an infection source

Stealing user critical data

Detection:

panda

Link:

https://mwdb.cert.pl/sample/5782c7ade207fd4415c35bd1e98bad7c3fcaef206fa60f142b8d1062e7103670/

Threat name:

Win32.Trojan.Zbot

Status:

Malicious

First seen:

2018-03-14 15:59:09 UTC

File Type:

PE (Exe)

Extracted files:

30

AV detection:

27 of 29 (93.10%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

0c80fa8807477cff8c9c3ed7b2a857538f022b1e8829020d09f60bd71f1afd9a

2abe71b49e45492b408294a415a308799ed312ff79c013924a42e53ce9c32a82

31ed064712da1c70c11c2e157e8469812befb3f051dcd7ffa4de44be49860381

335c0e4430a08956f796611b3ebf273117e784ee1d728d7b8fcb9997c98735cc

3de467124b098019e59fbdbcd3815db8001f6479e17da506d0c10c0f83dcde7f

3ee04e378f6430e85f5756093e80b243c2ebbcb9f2ee77cc32acd1cd9e333301

70752b45ccb4a9f987d95097e810b9cbbbfb4141ac35a0b55e55b95c67b022b0

a6214596a7509e1456c46502e83032adf2ca9480a0fe29403dee24094e04df67

c3be55a58b2afa08ba8520d981c50ab773113da36b139985ad16e5fab39ac145

d73498e0aabb97375783af491aded66aa6710ba848247de3337f404fa02a35c0

+ 205 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

spyware persistence evasion

Link:

https://tria.ge/reports/200719-tkw21mp6gs/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Adds Run key to start application

Adds Run key to start application

Identifies Wine through registry keys

Reads user/profile data of web browsers

Loads dropped DLL

Deletes itself

Reads user/profile data of web browsers

Identifies Wine through registry keys

Executes dropped EXE

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/5782c7ade207fd4415c35bd1e98bad7c3fcaef206fa60f142b8d1062e7103670

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/pandabanker/

Cape

Cape

https://www.capesandbox.com/analysis/28385/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample