banload | 27aac56d3df98439a82ebd528bc6cf4446792f38b7dfb21bd379978d167a3d83 | Triage

Submit
Reports

Overview

overview

Static

static

27aac56d3d...83.exe

windows7-x64

27aac56d3d...83.exe

windows10-2004-x64

Sharing

General

Target

27aac56d3df98439a82ebd528bc6cf4446792f38b7dfb21bd379978d167a3d83
Size

3.2MB
Sample

221126-eqd1maba67
MD5

9d939a0e0267199dfe00ca6b67ce55ef
SHA1

25b73d95aeacbddd582f2368925c816c40a6dee0
SHA256

27aac56d3df98439a82ebd528bc6cf4446792f38b7dfb21bd379978d167a3d83
SHA512

050a623d9e6c8ab814ae89a9e510b1d1962b96d6905d1c3ca5efbebf4c673d843ec05f9f2688d22c45c69f9b914d65ca09fc9122bb597fdecfed69982efac7e3
SSDEEP

98304:XXz+eBX1C5Bs75yAsqAq01usThU1Amx6PRJTLuG:nKeV1CcZLF0Y+OmmxYCG

Score

10^/10

banload discovery downloader dropper evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

27aac56d3df98439a82ebd528bc6cf4446792f38b7dfb21bd379978d167a3d83.exe

Resource

win7-20221111-en

banload discovery downloader dropper evasion trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

27aac56d3df98439a82ebd528bc6cf4446792f38b7dfb21bd379978d167a3d83.exe

Resource

win10v2004-20220812-en

banload discovery downloader dropper evasion trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  27aac56d3df98439a82ebd528bc6cf4446792f38b7dfb21bd379978d167a3d83
- Size
  
  3.2MB
- MD5
  
  9d939a0e0267199dfe00ca6b67ce55ef
- SHA1
  
  25b73d95aeacbddd582f2368925c816c40a6dee0
- SHA256
  
  27aac56d3df98439a82ebd528bc6cf4446792f38b7dfb21bd379978d167a3d83
- SHA512
  
  050a623d9e6c8ab814ae89a9e510b1d1962b96d6905d1c3ca5efbebf4c673d843ec05f9f2688d22c45c69f9b914d65ca09fc9122bb597fdecfed69982efac7e3
- SSDEEP
  
  98304:XXz+eBX1C5Bs75yAsqAq01usThU1Amx6PRJTLuG:nKeV1CcZLF0Y+OmmxYCG
Score

10^/10

banload discovery downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

banloaddiscoverydownloaderdropperevasiontrojan

behavioral2

banloaddiscoverydownloaderdropperevasiontrojan

© 2018-2024

Terms | Privacy