vk_intel

8-16-2018: Panda Banker from GrandSoft->Smoke

Aug 16th, 2018
  1. Panda: 6e131928aee8964f5226cbe0a030f6a553f2a05dd21053e7b29663dbf28b016e
  2.  
  3. {
  4. "botnet": "2.6.9",
  5. "check_config": 327685,
  6. "send_report": 327685,
  7. "check_update": 327685,
  8. "url_config": "https://uiaoduiiej.chimkent.su/5fewucaopezanxenuzebu.dat",
  9. "url_webinjects": "https://uiaoduiiej.chimkent.su/webinjects.dat",
  10. "url_update": "https://uiaoduiiej.chimkent.su/5fewucaopezanxenuzebu.exe",
  11. "url_plugin_webinject32": "https://uiaoduiiej.chimkent.su/webinject32.bin",
  12. "url_plugin_webinject64": "https://uiaoduiiej.chimkent.su/webinject64.bin",
  13. "remove_csp": 1,
  14. "inject_vnc": 1,
  15. "url_plugin_vnc32": "https://uiaoduiiej.chimkent.su/vnc32.bin",
  16. "url_plugin_vnc64": "https://uiaoduiiej.chimkent.su/vnc64.bin",
  17. "url_plugin_vnc_backserver": "nityYUQPeUwsKYfNAKh7c9O8lCQ=",
  18. "url_plugin_backsocks": "https://uiaoduiiej.chimkent.su/backsocks.bin",
  19. "url_plugin_backsocks_backserver": "nityYUQPeUwsKYfNAKh7c9O8lCQ=",
  20. "url_plugin_grabber": "https://uiaoduiiej.chimkent.su/grabber.bin",
  21. "grabber_pause": 1,
  22. "grab_softlist": 1,
  23. "grab_pass": 1,
  24. "grab_form": 1,
  25. "grab_cert": 1,
  26. "grab_cookie": 1,
  27. "grab_del_cookie": 0,
  28. "grab_del_cache": 0,
  29. "url_plugin_keylogger": "https://uiaoduiiej.chimkent.su/keylogger.bin",
  30. "keylog_process": "ZmlyZWZveC5leGUAY2hyb21lLmV4ZQBpZXhwbG9yZS5leGUAb3BlcmEuZXhlAAA=",
  31. "screen_process": "cHV0dHkuZXhlAAA=",
  32. "reserved": "JxZpa8bZHbYkIIvhyEd1cVZ/nS6URxD5wnvrDNiAjyi3xnWW8S8q9f/0ap+7kLHnW4XhNudnwRRizwE="
  33. }
  34.  
  35.  
  36.  
  37. "BotInfo": {
  38. "systime": UNIX,
  39. "process": "svchost.exe",
  40. "user": "MACHINE",
  41. "id": "BOT",
  42. "botnet": "2.6.9",
  43. "version": "2.6.10",
  44. "os": {
  45. "version": "ID",
  46. "sp": 1,
  47. "build": INT,
  48. "bit": INT,
  49. "server": 0,
  50. "lang": INT,
  51. "explorer": INT
  52. }
  53. }