MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f7bcc93d67f3de8a08b9b263f62e5107baa6eb746cfbb41cff2b76646e186829. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PandaZeuS

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	f7bcc93d67f3de8a08b9b263f62e5107baa6eb746cfbb41cff2b76646e186829
SHA3-384 hash:	c102b485cde120d8d7b5425a1f48914ec99fd2efea0a123299c32add246af262eb5cbb5b3f155bc64a677f0bca6abdd6
SHA1 hash:	da1e0fd15d555adc3f94425f4fd90ad3dc09f0bc
MD5 hash:	2d3f3577cb6cbe630185a4de29bf4d0e
humanhash:	magazine-video-romeo-washington
File name:	pandabanker_2.5.2.vir
Download:	download sample
Signature	PandaZeuS Create hunting rule
File size:	344'064 bytes
First seen:	2020-07-19 19:27:43 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f389371526ee21af9622ca8568807993 (1 x PandaZeuS)
ssdeep	6144:neN5saAqgzOGJ0UGWx+x7iYGj/LbOMRLhKXdg1V+rK35+R+Lr6N0:ncvAqgzOGPU7iTnSOhVV33u+6N0
Threatray	49 similar samples on MalwareBazaar
TLSH	D674DF11B2D08036D1B6593449739AA42F79BC325978978F7788BA3A7FF0BC15A31393
Reporter	tildedennis
Tags:	pandabanker PandaZeuS

tildedennis

pandabanker version 2.5.2

Intelligence

File Origin

# of uploads :

1

# of downloads :

1'881

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Detection(s):

SecuriteInfo.com.SCGeneric6.AEJN.26158.27126.UNOFFICIAL

PUA.Win.Downloader.Aiis-6803892-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Unauthorized injection to a recently created process

Connection attempt to an infection source

Malware family:

Panda Banker

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/e1109845-8e0e-4721-b0ce-a5e615251223

Detection:

panda

Link:

https://mwdb.cert.pl/sample/f7bcc93d67f3de8a08b9b263f62e5107baa6eb746cfbb41cff2b76646e186829/

Threat name:

Win32.Trojan.Upatre

Status:

Malicious

First seen:

2017-09-13 17:52:00 UTC

AV detection:

24 of 31 (77.42%)

Threat level:

5/5

Verdict:

suspicious

Similar samples:

1d452b5f3e5d2b6623d0ca35793dfc051e1bf8b237e360906ed055e819235604

2ed58cba6fbba892cde349ea6759ddbe197bcc1adf9c55801b30ccd3d28ec55f

347ec9d5455536ace4c650476001fb0511d5ea5f734a951b523ade3001472dd4

68e7c82cc5535b87b0e1310f9a054432944b6efa0471e2b03101554bdf7decc2

7b673f65dfb02aea2b7fe950c749c17a953d2b9514aa78c663aac6c002b6bf6b

8f3b0ef6f4cd6df460722293345a683c186c33bca3f41e1239111ec6868efd3d

9b322d3c3a5bd842ae2563f5eb2ae4cf7957132311ccf051d7bfeb4601866a33

a823a4702ff08fa0b0b70a2f781fe36db904ec2d975f58a5f9d44e85f4b85740

c86fd81aede1a694f978ee09be2f16c6bcd335741538e666883d69dbb9c4c1ae

fd869766f1f735b4c1479ec1300fd63f4a203142e4ed0e6ac18f05d1cdba3ac8

+ 39 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

evasion spyware

Link:

https://tria.ge/reports/200719-yyw3va2p12/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Drops file in System32 directory

Identifies Wine through registry keys

Reads user/profile data of web browsers

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/f7bcc93d67f3de8a08b9b263f62e5107baa6eb746cfbb41cff2b76646e186829

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/pandabanker/

Cape

Cape

https://www.capesandbox.com/analysis/28190/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample