MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be4a4c076d2644bb29e90d6dc42ce9f400a940a9d684fd9073abdca0b65c9bca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


PandaZeuS


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: be4a4c076d2644bb29e90d6dc42ce9f400a940a9d684fd9073abdca0b65c9bca
SHA3-384 hash: af7dd6ef409d705c932da5e11f93db7cac36c883f29f34d975c143edf31a0f3c7c863a2b79c947b2e3d64b9cfb4b20ae
SHA1 hash: df6734c99e5a682c1298b983b3b2727d2853770d
MD5 hash: 01549ffc7c4dd015b2c01590536d2f9a
humanhash: asparagus-golf-magazine-carbon
File name:pandabanker_2.1.3.vir
Download: download sample
Signature PandaZeuS
Create hunting rule
File size:218'624 bytes
First seen:2020-07-19 19:35:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1b6adc34fa8a111d48902c0fea8048b8 (1 x PandaZeuS)
ssdeep 3072:aIc62dBOJ6j6S2J1GdT0k/MZ3GqfYs9pw7ButpRtgCFtZhAYcNEulf1mb6jt:A62dTj8JMh0k/Mg+P0BCPTAvvmGh
Threatray 62 similar samples on MalwareBazaar
TLSH 38243855BBB85EDFF59A0AB0AC6D7B046C27F663F523D98A4320CC6E04F16C012356B6
Reporter tildedennis
Tags:pandabanker


Avatar
tildedennis
pandabanker version 2.1.3

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'879
Origin country :
n/a
Vendor Threat Intelligence
Detection:
ZeusPanda
Create hunting rule
Link:
https://www.capesandbox.com/analysis/28280/
Detection(s):
BC.Win.Packer.Troll-14
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/390428
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 247409 Sample: pandabanker_2.1.3.vir Startdate: 20/07/2020 Architecture: WINDOWS Score: 100 35 Malicious sample detected (through community Yara rule) 2->35 37 Antivirus / Scanner detection for submitted sample 2->37 39 Multi AV Scanner detection for submitted file 2->39 41 2 other signatures 2->41 7 pandabanker_2.1.3.exe 4 2->7         started        process3 file4 31 C:\Users\user\AppData\...\rasphone.exe, PE32 7->31 dropped 33 C:\Users\user\AppData\...\upd151cc7fc.bat, DOS 7->33 dropped 47 Detected unpacking (changes PE section rights) 7->47 49 Detected unpacking (overwrites its own PE header) 7->49 51 Drops batch files with force delete cmd (self deletion) 7->51 53 Drops executable to a common third party application directory 7->53 11 rasphone.exe 7->11         started        14 cmd.exe 1 7->14         started        16 WerFault.exe 25 10 7->16         started        18 3 other processes 7->18 signatures5 process6 signatures7 55 Antivirus detection for dropped file 11->55 57 Multi AV Scanner detection for dropped file 11->57 59 Detected unpacking (changes PE section rights) 11->59 61 6 other signatures 11->61 20 svchost.exe 11->20         started        23 svchost.exe 11->23         started        25 WerFault.exe 18 9 11->25         started        27 WerFault.exe 11->27         started        29 conhost.exe 14->29         started        process8 signatures9 43 Overwrites code with unconditional jumps - possibly settings hooks in foreign process 20->43 45 Overwrites code with function prologues 20->45
Detection:
panda
Create hunting rule
Link:
https://mwdb.cert.pl/sample/be4a4c076d2644bb29e90d6dc42ce9f400a940a9d684fd9073abdca0b65c9bca/
Threat name:
Win32.Trojan.Zbot
Create hunting rule
Status:
Malicious
First seen:
2016-03-23 00:34:00 UTC
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
10b85536fedabb3c8ca3bed5822f368ed64a09bb06b4f595ac4dc18aeb565426
PandaZeuS
1e1684d4513c0c3ad9d15fb28b65edbb505977729bc60c61dd7f69c484bc08a2
PandaZeuS
2e6634f1f1abdd8cc2d651d060631598caf6374fee5bc3cd8b246e3090e4c4fa
PandaZeuS
4352a4309cb454aa6ba59932456f32dbfee4b0b5d998d954518dcff43ff8281b
PandaZeuS
62989ab56f11701b109cddf0eb20e995c833078bb40942a8c931589497c25948
PandaZeuS
70752b45ccb4a9f987d95097e810b9cbbbfb4141ac35a0b55e55b95c67b022b0
PandaZeuS
7fed42ce016ec6ac5ea6ee1468b1f96afa55955f955471b89bb57c903f0e8fdb
PandaZeuS
a6214596a7509e1456c46502e83032adf2ca9480a0fe29403dee24094e04df67
PandaZeuS
e8012d5c00deb0a3684d7767de19e4dea2ff536060fe5671393252152b0b1d8f
PandaZeuS
f21872a03fcb62dbac5cd7ea2c92db4595f4a55906d7a91ffa6ce5cae2b84e91
PandaZeuS
+ 52 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware
Link:
https://tria.ge/reports/200719-46gh54516e/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Loads dropped DLL
Deletes itself
Reads user/profile data of web browsers
Reads user/profile data of web browsers
Executes dropped EXE
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/be4a4c076d2644bb29e90d6dc42ce9f400a940a9d684fd9073abdca0b65c9bca

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/pandabanker/
Cape
Cape
https://www.capesandbox.com/analysis/28280/

Comments