MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e5deea253834d0319b48c018714f779c499ed79df464e11d4f5ba63ac415f5f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 5e5deea253834d0319b48c018714f779c499ed79df464e11d4f5ba63ac415f5f
SHA3-384 hash: a132dedef5ae9ce2f6245b5866c6b851b7f690dd6c1a22b4fd907e717eee035f7dbd992450e89b25e5c24227c32ebf76
SHA1 hash: 9de2007d1f4e343448e2f04ae9b02b7c98fc9860
MD5 hash: 6c2cb8a77884216238666aa999f72544
humanhash: speaker-eleven-avocado-beryllium
File name: pandabanker_2.6.8.vir
Signature: PandaZeuS
File size: 188'416 bytes
First seen: 2020-07-19 17:17:49 UTC
Last seen: 2020-07-19 19:14:20 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: eca527e0660a42e26c42d8e09bb826e4
ssdeep: 3072:G2SwTS5wm/3q9OTsPqakhmhJH7Ml3qJ1a8WPKv6dXYxLXexdnh13uu88rxRslzAp:zSLwc3q9SsPqakqOl3q7CdWuJ13upm+l
TLSH: C3048D0362ED4505F6BF4A30487A8ED50869BC517CB2DDAE71803F2BDA7261DBA6C713
Reporter: @tildedennis
Tags: pandabanker


Twitter (@tildedennis): pandabanker version 2.6.8

Intelligence


File Origin
# of uploads: 2
# of downloads: 28
Origin country: US
Mail intelligence: No data
Vendor Threat Intelligence
Detection: ZeusPanda
Result
Verdict: Malware
Behaviour:
Unauthorized injection to a recently created process
Connection attempt to an infection source
Result
Threat name: Panda
Detection: malicious
Classification: bank.evad
Score: 100 / 100
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2018-04-24 17:25:02 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 2/5
Result
Malware family: n/a
Score: 8/10
Tags: evasion spyware persistence
Behaviour:
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Adds Run key to start application
Deletes itself
Reads user/profile data of web browsers
Loads dropped DLL
Identifies Wine through registry keys
Executes dropped EXE
Threat name: Unknown
Score: 1.00
