MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 89c7c8a795578ef239fef68fe949c29f50f7f40833f6eb87eabf66cae290eab6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: 89c7c8a795578ef239fef68fe949c29f50f7f40833f6eb87eabf66cae290eab6
SHA3-384 hash: 48a3a5b09bd972865fb92331f26acca3fb4bef6eb1768096541baff95a35664f9377c4b8cfde617ee97e8daed191db87
SHA1 hash: 0057350dc6cef9f8f7f94188d8120dc91974f7cf
MD5 hash: 40033eb1ba8ab746a2024afba585ccf6
humanhash: november-fifteen-west-sweet
File name:pandabanker_2.5.3.vir
Download: download sample
Signature PandaZeuS
File size:326'144 bytes
First seen:2020-07-19 19:28:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 900a481f8498ecbac4c6600deefd8001
ssdeep 6144:av/MN1XXn2KAyDEki44rHgq93kHVe+QQgTMIRROgrluEoKX:G0N1XXn2KAEETNIHVe+QfJRHrjJX
TLSH AC64CF11B5E4D072F2A309B06961D7F35E783C222B78B56B67A6393A0E347E2C71474E
Reporter @tildedennis
Tags:pandabanker PandaZeuS


Twitter
@tildedennis
pandabanker version 2.5.3

Intelligence


File Origin
# of uploads :
1
# of downloads :
27
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Detection:
ZeusPanda
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name:
Win32.Trojan.Zbot
Status:
Malicious
First seen:
2017-09-21 09:08:09 UTC
AV detection:
46 of 47 (97.87%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
evasion spyware
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Loads dropped DLL
Deletes itself
Identifies Wine through registry keys
Reads user/profile data of web browsers
Identifies Wine through registry keys
Reads user/profile data of web browsers
Executes dropped EXE
Executes dropped EXE
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments