MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e4943560d76692bfd6d1e9982e717f8ae79b1577fff1d943c9aaa3d5e2f06fde. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: e4943560d76692bfd6d1e9982e717f8ae79b1577fff1d943c9aaa3d5e2f06fde
SHA3-384 hash: 054c318e93a1544d0e99aab405478d3f465146d973f01547c2d5579eaf703483fd18c6109504ee9491b66791609de247
SHA1 hash: ce26ebb2070d5e0ec55f055fdafadf823979b4e7
MD5 hash: 233416e0ab343dfb8901cb23f3057446
humanhash: river-tennis-mike-queen
File name: pandabanker_2.2.4.vir
Signature Gootkit
File size: 123'904 bytes
First seen: 2020-07-19 19:45:29 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 8b0fd9b055addb9f62962e0f74c84dcd
ssdeep 3072:9ZvEr051OB4uiUfkdEprzNr6ja7CmFpV+loVe:9G0OtsEIaXF1Ve
TLSH 4DC39E73F9C784F4D79039784E8AB546AEF6EE0004BACB9393E01D475461921BB2E392
Reporter @tildedennis
Tags: Gootkit pandabanker
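Before detonating or sharing a sample pulled from this entry it is worth confirming that the bytes on disk are the ones the entry describes. The script below is an added example, not part of MalwareBazaar or of the reporter's material: it recomputes the size and the four cryptographic digests listed above (MD5, SHA1, SHA256, SHA3-384) with Python's standard library and reports which fields match. The expected values are copied from this entry; imphash, ssdeep and TLSH are left out because they need third-party libraries (pefile, ssdeep, py-tlsh). The function and variable names are my own.

```python
"""Check a downloaded sample against the digests listed in its MalwareBazaar entry.

Added example; not MalwareBazaar code. Run as:
    python verify_sample.py pandabanker_2.2.4.vir
"""
import hashlib
import sys

# Size and digests copied from the entry for
# e4943560d76692bfd6d1e9982e717f8ae79b1577fff1d943c9aaa3d5e2f06fde.
EXPECTED = {
    "size": 123904,
    "md5": "233416e0ab343dfb8901cb23f3057446",
    "sha1": "ce26ebb2070d5e0ec55f055fdafadf823979b4e7",
    "sha256": "e4943560d76692bfd6d1e9982e717f8ae79b1577fff1d943c9aaa3d5e2f06fde",
    "sha3_384": (
        "054c318e93a1544d0e99aab405478d3f465146d973f01547c2d5579eaf703483"
        "fd18c6109504ee9491b66791609de247"
    ),
}


def digests(data: bytes) -> dict:
    """Return the size and the four digests MalwareBazaar lists, as lowercase hex."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def compare(actual: dict, expected: dict) -> dict:
    """Field-by-field comparison.

    Only the fields present in `expected` are checked, so a caller can pass a
    partial set (for example SHA256 alone). Hex strings are compared
    case-insensitively because vendors differ in the case they publish.
    """
    report = {}
    for key, want in expected.items():
        got = actual.get(key)
        if isinstance(want, str):
            report[key] = isinstance(got, str) and got.lower() == want.lower()
        else:
            report[key] = got == want
    return report


def verify_bytes(data: bytes, expected: dict = EXPECTED) -> dict:
    """Compare an in-memory blob against the expected values."""
    return compare(digests(data), expected)


def verify_file(path: str, expected: dict = EXPECTED) -> dict:
    """Compare a file on disk against the expected values."""
    with open(path, "rb") as fh:
        return verify_bytes(fh.read(), expected)


def main(argv: list) -> int:
    if len(argv) != 2:
        print(f"usage: {argv[0]} <sample file>", file=sys.stderr)
        return 2
    report = verify_file(argv[1])
    for key, ok in report.items():
        print(f"{key:9} {'OK' if ok else 'MISMATCH'}")
    # Non-zero exit if any field differs, so the check can gate a pipeline.
    return 0 if all(report.values()) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Two points to keep in mind when using it. MalwareBazaar serves samples inside a password-protected ZIP (password "infected"); the values in the entry describe the extracted executable, so unpack the archive first and point the script at the inner file. A size mismatch with matching SHA256 is impossible, but a SHA256 mismatch with matching size is exactly the case the check exists for: an edited, re-packed or wrong-version sample carrying the same name.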


Twitter
@tildedennis
pandabanker version 2.2.4

Intelligence


File Origin
# of uploads :
1
# of downloads :
46
Origin country :
FR
Mail intelligence
No data
Vendor Threat Intelligence
Detection:
ZeusPanda
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
100 / 100
Behaviour
Threat name:
Win32.Trojan.Zbot
Status:
Malicious
First seen:
2016-06-24 19:53:30 UTC
AV detection:
22 of 29 (75.86%)
Threat level
  2/5
Result
Malware family:
n/a
Score:
  9/10
Tags:
spyware evasion
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Checks BIOS information in registry
Deletes itself
Reads user/profile data of web browsers
Identifies Wine through registry keys
Loads dropped DLL
Looks for VMWare Tools registry key
Executes dropped EXE
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Looks for VirtualBox Guest Additions in registry
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments