banload | 020e1fb674fb198702e16ede5a47bc7c05d9bd435bdc4d0e2ec121cb53daa3f6 | Triage

Sharing

General

Target

020e1fb674fb198702e16ede5a47bc7c05d9bd435bdc4d0e2ec121cb53daa3f6
Size

4.1MB
Sample

220523-t7dthsadfr
MD5

5b277bb0f8ff910dcc3dd8ac45e95f42
SHA1

464690589218f1085cf669a2b4193ac88e931047
SHA256

020e1fb674fb198702e16ede5a47bc7c05d9bd435bdc4d0e2ec121cb53daa3f6
SHA512

e14897408966464fb3695af62ffcb6745502938bd4f6cdf3937c43bd0c4449c01cc4767b235d4c2c1c9f6f14c3aa7ec8f8dbbdb7e360fae2670016271b75336d

Score

10^/10

banload downloader dropper evasion persistence trojan

Malware Config

Targets

- Target
  
  020e1fb674fb198702e16ede5a47bc7c05d9bd435bdc4d0e2ec121cb53daa3f6
- Size
  
  4.1MB
- MD5
  
  5b277bb0f8ff910dcc3dd8ac45e95f42
- SHA1
  
  464690589218f1085cf669a2b4193ac88e931047
- SHA256
  
  020e1fb674fb198702e16ede5a47bc7c05d9bd435bdc4d0e2ec121cb53daa3f6
- SHA512
  
  e14897408966464fb3695af62ffcb6745502938bd4f6cdf3937c43bd0c4449c01cc4767b235d4c2c1c9f6f14c3aa7ec8f8dbbdb7e360fae2670016271b75336d
Score

10^/10

banload downloader dropper evasion persistence trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

banloaddownloaderdropperevasionpersistencetrojan

behavioral2

banloaddownloaderdropperevasionpersistencetrojan