MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5782c7ade207fd4415c35bd1e98bad7c3fcaef206fa60f142b8d1062e7103670. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: 5782c7ade207fd4415c35bd1e98bad7c3fcaef206fa60f142b8d1062e7103670
SHA3-384 hash: 3f46efeed314b9c1c0a6e72e3d9b189c9e08cb89cb5187be71586e15f1b56bf55f58a89fde2dff4c03d230a02c69cbc6
SHA1 hash: 4e6169ef0a6dfc2c8253540362f93fedd06774c6
MD5 hash: 5c47e3ed6dea436b0f99141bb5799fa9
humanhash: twenty-violet-uranus-ink
File name:pandabanker_2.6.5.vir
Download: download sample
Signature PandaZeuS
File size:193'536 bytes
First seen:2020-07-19 19:47:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5343944773d45e10e0a85e9f2149ad24
ssdeep 3072:wylW0Mr8aUdNC9X6/UNYowuGdfbBEo2ySi3IEfzhJ2PpfTtq3Z1XXZE7dMlu:wRrkdk9X6/UCJfbBuySNwhJ2f4ZBpE7G
TLSH 0114BE3767A44FCCEEF68E790931C2BD11DAB9544A40861A15F9AC1BBD221493FECCD8
Reporter @tildedennis
Tags:pandabanker PandaZeuS


Twitter
@tildedennis
pandabanker version 2.6.5

Intelligence


File Origin
# of uploads :
1
# of downloads :
40
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Detection:
ZeusPanda
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name:
Win32.Trojan.Zbot
Status:
Malicious
First seen:
2018-03-14 15:59:09 UTC
AV detection:
27 of 29 (93.10%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware persistence evasion
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Adds Run key to start application
Adds Run key to start application
Identifies Wine through registry keys
Reads user/profile data of web browsers
Loads dropped DLL
Deletes itself
Reads user/profile data of web browsers
Identifies Wine through registry keys
Executes dropped EXE
Executes dropped EXE
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments