General
Target

020e1fb674fb198702e16ede5a47bc7c05d9bd435bdc4d0e2ec121cb53daa3f6

Size

4MB

Sample

220523-t7dthsadfr

Score
10/10
MD5

5b277bb0f8ff910dcc3dd8ac45e95f42

SHA1

464690589218f1085cf669a2b4193ac88e931047

SHA256

020e1fb674fb198702e16ede5a47bc7c05d9bd435bdc4d0e2ec121cb53daa3f6

SHA512

e14897408966464fb3695af62ffcb6745502938bd4f6cdf3937c43bd0c4449c01cc4767b235d4c2c1c9f6f14c3aa7ec8f8dbbdb7e360fae2670016271b75336d

Malware Config
Targets
Target

020e1fb674fb198702e16ede5a47bc7c05d9bd435bdc4d0e2ec121cb53daa3f6

Signatures

  • Banload

    Description

    Banload variants download malicious files, then install and execute the files.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    TTPs

    Query Registry, Virtualization/Sandbox Evasion

  • Executes dropped EXE

  • Checks BIOS information in registry

    Description

    BIOS information is often read in order to detect sandboxing environments.

    TTPs

    Query Registry, System Information Discovery

  • Loads dropped DLL

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry

Related Tasks

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

static1

Score
N/A