MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62989ab56f11701b109cddf0eb20e995c833078bb40942a8c931589497c25948. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 62989ab56f11701b109cddf0eb20e995c833078bb40942a8c931589497c25948
SHA3-384 hash: b2ed8928472ab68d595eb0b307db941277ac12fd034f62851c2fde7d771f0e917b2ba828af33990498517b58e9436aff
SHA1 hash: d78f465ffb433d4f2c9382e22e028709567c7eba
MD5 hash: ed09632e3d549edb8f31eaac5562df7c
humanhash: saturn-black-cardinal-kentucky
File name: pandabanker_2.1.1.vir
Signature: PandaZeuS
File size: 315'392 bytes
First seen: 2020-07-19 19:34:51 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a39daa38d81c2b43392bf71d45eac208
ssdeep: 3072:kINhjp6THFfBCY3KROt6dtnVq3iOs3hRRD69Y8QR8VQDUDJpYOm3U:LhjUTlfBLbtqnVJLRRcYf8aDEKOiU
TLSH: 2764A391FA0800EBCC6D853016B3A650A6236D06C66B1BE2D43215EF67E1FB9FF1D9D4
Reporter: @tildedennis
Tags: pandabanker


Twitter (@tildedennis): pandabanker version 2.1.1

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 29
Origin country: FR

Mail intelligence: No data

Vendor Threat Intelligence

Detection: ZeusPanda
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 100 / 100
Behaviour
Behavior Graph:
Behavior Graph ID: 247393
Sample: pandabanker_2.1.1.vir
Startdate: 20/07/2020
Architecture: WINDOWS
Score: 100
Sample-level signatures:
  Malicious sample detected (through community Yara rule)
  Antivirus / Scanner detection for submitted sample
  Multi AV Scanner detection for submitted file
  Sigma detected: Suspicious Svchost Process
Process tree:
  pandabanker_2.1.1.exe (started by the sample)
    Files dropped:
      C:\Users\...\CachedImage_1280_1024_POS4.exe (PE32)
      C:\Users\user\AppData\...\upd27ef4599.bat (DOS)
    Signatures:
      Detected unpacking (changes PE section rights)
      Detected unpacking (overwrites its own PE header)
      Drops batch files with force delete cmd (self deletion)
      Drops executable to a common third party application directory
    Child processes:
      CachedImage_1280_1024_POS4.exe
        Signatures:
          Antivirus detection for dropped file
          Multi AV Scanner detection for dropped file
          Detected unpacking (changes PE section rights)
          5 other signatures
        Child processes:
          svchost.exe
            Signatures:
              Overwrites code with unconditional jumps - possibly settings hooks in foreign process
              Overwrites code with function prologues
          svchost.exe
      cmd.exe
        Child processes:
          conhost.exe
Threat name: Win32.Trojan.Zeus
Status: Malicious
First seen: 2016-02-10 00:43:00 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: spyware
Behaviour
Suspicious use of UnmapMainImage
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Loads dropped DLL
Deletes itself
Reads user/profile data of web browsers
Executes dropped EXE
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments