{
	"id": "0724b07c-0b72-4389-9125-633459b8d32c",
	"created_at": "2026-04-06T00:12:45.376872Z",
	"updated_at": "2026-04-10T03:21:47.854862Z",
	"deleted_at": null,
	"sha1_hash": "36f5ccf8ec37443169390a51b8e35ebf6a5ae07d",
	"title": "PandaBanker (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 29252,
	"plain_text": "PandaBanker (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 16:35:56 UTC\r\nAccording to Arbor, Forcepoint and Proofpoint, Panda is a variant of the well-known Zeus banking trojan(*). Fox\r\nIT discovered it in February 2016.\r\nThis banking trojan uses the infamous ATS (Automatic Transfer System/Scripts) to automate online bank portal\r\nactions.\r\nThe baseconfig (c2, crypto material, botnet name, version) is embedded in the malware itself. It then obtains a\r\ndynamic config from the c2, with further information about how to grab the webinjects and additional modules,\r\nsuch as vnc, backsocks and grabber.\r\nPanda does have some DGA implemented, but according to Arbor, a bug prevents it from using it.\r\n[TLP:WHITE] win_pandabanker_auto (20251219 | Detects win.pandabanker.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.pandabanker\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.pandabanker\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.pandabanker"
	],
	"report_names": [
		"win.pandabanker"
	],
	"threat_actors": [],
	"ts_created_at": 1775434365,
	"ts_updated_at": 1775791307,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/36f5ccf8ec37443169390a51b8e35ebf6a5ae07d.pdf",
		"text": "https://archive.orkl.eu/36f5ccf8ec37443169390a51b8e35ebf6a5ae07d.txt",
		"img": "https://archive.orkl.eu/36f5ccf8ec37443169390a51b8e35ebf6a5ae07d.jpg"
	}
}