MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f7bcc93d67f3de8a08b9b263f62e5107baa6eb746cfbb41cff2b76646e186829. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: f7bcc93d67f3de8a08b9b263f62e5107baa6eb746cfbb41cff2b76646e186829
SHA3-384 hash: c102b485cde120d8d7b5425a1f48914ec99fd2efea0a123299c32add246af262eb5cbb5b3f155bc64a677f0bca6abdd6
SHA1 hash: da1e0fd15d555adc3f94425f4fd90ad3dc09f0bc
MD5 hash: 2d3f3577cb6cbe630185a4de29bf4d0e
humanhash: magazine-video-romeo-washington
File name: pandabanker_2.5.2.vir
Signature: PandaZeuS
File size: 344'064 bytes
First seen: 2020-07-19 19:27:43 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f389371526ee21af9622ca8568807993
ssdeep: 6144:neN5saAqgzOGJ0UGWx+x7iYGj/LbOMRLhKXdg1V+rK35+R+Lr6N0:ncvAqgzOGPU7iTnSOhVV33u+6N0
TLSH: D674DF11B2D08036D1B6593449739AA42F79BC325978978F7788BA3A7FF0BC15A31393
Reporter: @tildedennis
Tags: pandabanker PandaZeuS


Twitter
@tildedennis
pandabanker version 2.5.2

Intelligence


File Origin
# of uploads: 1
# of downloads: 27
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour:
  Unauthorized injection to a recently created process
  Connection attempt to an infection source
Threat name: Win32.Trojan.Upatre
Status: Malicious
First seen: 2017-09-13 17:52:00 UTC
AV detection: 24 of 31 (77.42%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: evasion spyware
Behaviour:
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  Drops file in System32 directory
  Identifies Wine through registry keys
  Reads user/profile data of web browsers
  Executes dropped EXE
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.
