MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 89c7c8a795578ef239fef68fe949c29f50f7f40833f6eb87eabf66cae290eab6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PandaZeuS

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	89c7c8a795578ef239fef68fe949c29f50f7f40833f6eb87eabf66cae290eab6
SHA3-384 hash:	48a3a5b09bd972865fb92331f26acca3fb4bef6eb1768096541baff95a35664f9377c4b8cfde617ee97e8daed191db87
SHA1 hash:	0057350dc6cef9f8f7f94188d8120dc91974f7cf
MD5 hash:	40033eb1ba8ab746a2024afba585ccf6
humanhash:	november-fifteen-west-sweet
File name:	pandabanker_2.5.3.vir
Download:	download sample
Signature	PandaZeuS Create hunting rule
File size:	326'144 bytes
First seen:	2020-07-19 19:28:12 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	900a481f8498ecbac4c6600deefd8001 (1 x PandaZeuS)
ssdeep	6144:av/MN1XXn2KAyDEki44rHgq93kHVe+QQgTMIRROgrluEoKX:G0N1XXn2KAEETNIHVe+QfJRHrjJX
Threatray	68 similar samples on MalwareBazaar
TLSH	AC64CF11B5E4D072F2A309B06961D7F35E783C222B78B56B67A6393A0E347E2C71474E
Reporter	tildedennis
Tags:	pandabanker PandaZeuS

tildedennis

pandabanker version 2.5.3

Intelligence

File Origin

# of uploads :

1

# of downloads :

1'890

Origin country :

n/a

Vendor Threat Intelligence

Detection:

ZeusPanda

Link:

https://www.capesandbox.com/analysis/28195/

Detection(s):

SecuriteInfo.com.SCGeneric6.CCZK.7150.21750.UNOFFICIAL

PUA.Win.Downloader.Aiis-6803892-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Sending an HTTP GET request

Creating a file in the %temp% subdirectories

Reading critical registry keys

Creating a file

Deleting a recently created file

Reading Telegram data

Running batch commands

Creating a process with a hidden window

Launching a process

Sending a TCP request to an infection source

Stealing user critical data

Detection:

panda

Link:

https://mwdb.cert.pl/sample/89c7c8a795578ef239fef68fe949c29f50f7f40833f6eb87eabf66cae290eab6/

Threat name:

Win32.Trojan.Zbot

Status:

Malicious

First seen:

2017-09-21 09:08:09 UTC

File Type:

PE (Exe)

Extracted files:

7

AV detection:

46 of 47 (97.87%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

0d28bf33f99d286092870f3504f54bc0cb81a0f733275d0b689d6bdb9aeb758a

31ed064712da1c70c11c2e157e8469812befb3f051dcd7ffa4de44be49860381

335c0e4430a08956f796611b3ebf273117e784ee1d728d7b8fcb9997c98735cc

3bbfbe3de9cb174f9d7c579f5e404482778924df85eb4b9daa03a274fc91eb91

59e2125782c015d9cad7ae6035eaed1cfab4889ee90ed74888582c784d08fb3b

6278fbd54efddf8382ab45329e58e655cb7f82dc86f60028935b96eba9ce16bc

634aea27e31c58f7e07510965e6d7350a8cf7e18c5cd5099edcf0586f1990ab9

8337b387ec3cafdaa01347f123383682a8bb1e6965a922258fd656a36ebe919d

c3be55a58b2afa08ba8520d981c50ab773113da36b139985ad16e5fab39ac145

db09e6f69ea651370d796ee2fd4a78d9a11cd82faea3f8d5ef007c04065b1e25

+ 58 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

evasion spyware

Link:

https://tria.ge/reports/200719-b4enqzewq2/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Loads dropped DLL

Deletes itself

Identifies Wine through registry keys

Reads user/profile data of web browsers

Identifies Wine through registry keys

Reads user/profile data of web browsers

Executes dropped EXE

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/89c7c8a795578ef239fef68fe949c29f50f7f40833f6eb87eabf66cae290eab6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/pandabanker/

Cape

Cape

https://www.capesandbox.com/analysis/28195/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample