MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 634aea27e31c58f7e07510965e6d7350a8cf7e18c5cd5099edcf0586f1990ab9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 634aea27e31c58f7e07510965e6d7350a8cf7e18c5cd5099edcf0586f1990ab9
SHA3-384 hash: 09dd9ede3d46f0b7a2bc93c5e4b6b0126f4f215754793dfd774ce43e71e5d7003beb99d615695f1bd46e7ff2993b6d8c
SHA1 hash: f99a3dadb94ef6aa592657860c131c3efaf57a39
MD5 hash: e993fa29a325d96c4f36853cf48e3b0f
humanhash: purple-alaska-saturn-lion
File name: pandabanker_2.4.3.vir
Signature: PandaZeuS
File size: 122'400 bytes
First seen: 2020-07-19 19:46:37 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: d73bdbb3f2fd7cd8e9c07bbe68c4cfd3
ssdeep: 3072:Le2qrexXvQiF3tXr9NFELMzRLs/Mc68/J8tuy5R8gDw1+p4Rsgx4:E2z9/CMzGMhZwgDgx4
TLSH: 71C39E63F9C740F8D72538745F5AB586AAF9EF0404EB5A83D7E419875860D20FB2E283
Reporter: @tildedennis
Tags: pandabanker PandaZeuS


Twitter
@tildedennis
pandabanker version 2.4.3

Intelligence


File Origin
# of uploads: 1
# of downloads: 40
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence
Detection: ZeusPanda
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 100 / 100
Behaviour
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2017-07-28 09:07:00 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: evasion spyware
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Checks BIOS information in registry
Identifies Wine through registry keys
Loads dropped DLL
Reads user/profile data of web browsers
Deletes itself
Looks for VMWare Tools registry key
Executes dropped EXE
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Looks for VirtualBox Guest Additions in registry
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments