MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e4943560d76692bfd6d1e9982e717f8ae79b1577fff1d943c9aaa3d5e2f06fde. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gootkit


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e4943560d76692bfd6d1e9982e717f8ae79b1577fff1d943c9aaa3d5e2f06fde
SHA3-384 hash: 054c318e93a1544d0e99aab405478d3f465146d973f01547c2d5579eaf703483fd18c6109504ee9491b66791609de247
SHA1 hash: ce26ebb2070d5e0ec55f055fdafadf823979b4e7
MD5 hash: 233416e0ab343dfb8901cb23f3057446
humanhash: river-tennis-mike-queen
File name:pandabanker_2.2.4.vir
Download: download sample
Signature Gootkit
Create hunting rule
File size:123'904 bytes
First seen:2020-07-19 19:45:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8b0fd9b055addb9f62962e0f74c84dcd (1 x Gootkit)
ssdeep 3072:9ZvEr051OB4uiUfkdEprzNr6ja7CmFpV+loVe:9G0OtsEIaXF1Ve
Threatray 38 similar samples on MalwareBazaar
TLSH 4DC39E73F9C784F4D79039784E8AB546AEF6EE0004BACB9393E01D475461921BB2E392
Reporter tildedennis
Tags:Gootkit pandabanker


Avatar
tildedennis
pandabanker version 2.2.4

Intelligence

File Origin
# of uploads :
1
# of downloads :
3'583
Origin country :
n/a
Vendor Threat Intelligence
Detection:
ZeusPanda
Create hunting rule
Link:
https://www.capesandbox.com/analysis/28365/
Detection(s):
SecuriteInfo.com.Generic_r.LLA.22000.7528.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/390579
Behaviour
Behavior Graph:
Download SVG
Detection:
panda
Create hunting rule
Link:
https://mwdb.cert.pl/sample/e4943560d76692bfd6d1e9982e717f8ae79b1577fff1d943c9aaa3d5e2f06fde/
Threat name:
Win32.Trojan.Zeus
Create hunting rule
Status:
Malicious
First seen:
2016-06-24 19:53:30 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0d61cc62923f2df6a74fd877cc41c5a4df61355a3ded608bab7b9dde0fb98f41
Gootkit
10b85536fedabb3c8ca3bed5822f368ed64a09bb06b4f595ac4dc18aeb565426
Gootkit
1e1684d4513c0c3ad9d15fb28b65edbb505977729bc60c61dd7f69c484bc08a2
Gootkit
4352a4309cb454aa6ba59932456f32dbfee4b0b5d998d954518dcff43ff8281b
Gootkit
70752b45ccb4a9f987d95097e810b9cbbbfb4141ac35a0b55e55b95c67b022b0
Gootkit
7fed42ce016ec6ac5ea6ee1468b1f96afa55955f955471b89bb57c903f0e8fdb
Gootkit
8b698af43c10c0509d15d39d688674f9885295a4679a4f6afffcf1714322c7a7
Gootkit
a6214596a7509e1456c46502e83032adf2ca9480a0fe29403dee24094e04df67
Gootkit
e8012d5c00deb0a3684d7767de19e4dea2ff536060fe5671393252152b0b1d8f
Gootkit
f21872a03fcb62dbac5cd7ea2c92db4595f4a55906d7a91ffa6ce5cae2b84e91
Gootkit
+ 28 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
spyware evasion
Link:
https://tria.ge/reports/200719-8sk1gpx9l6/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Checks BIOS information in registry
Deletes itself
Reads user/profile data of web browsers
Identifies Wine through registry keys
Loads dropped DLL
Looks for VMWare Tools registry key
Executes dropped EXE
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Looks for VirtualBox Guest Additions in registry
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e4943560d76692bfd6d1e9982e717f8ae79b1577fff1d943c9aaa3d5e2f06fde

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/pandabanker/
Cape
Cape
https://www.capesandbox.com/analysis/28365/

Comments