banload | eefe846992c0738e9936280e2829f46ca4e2385d376cf1636ea16a62d7ede897 | Triage

Sharing

General

Target

2024-02-02_c3412f4f0550cc54a1cb8d5fc2659ae4_magniber
Size

2.5MB
Sample

240202-lvksasddaq
MD5

c3412f4f0550cc54a1cb8d5fc2659ae4
SHA1

6eafcbab41f26a41e956c49b3777195c1992714a
SHA256

eefe846992c0738e9936280e2829f46ca4e2385d376cf1636ea16a62d7ede897
SHA512

07bd93e0185d961f26162498718da8495771313d5f4ff97de8188d1e299943c0949f5b5e5de31a6b63419d7b78a760a3dfd6b60bdeafc1d7066b12970fc06b3a
SSDEEP

49152:0CzSQWNzjT67X2Z5zOnfPd5wydwN68DX8WzR70BJ:0CzuE7X2DzAfPSNFX8WzxCJ

Score

10^/10

banload downloader dropper evasion trojan

Malware Config

Targets

- Target
  
  2024-02-02_c3412f4f0550cc54a1cb8d5fc2659ae4_magniber
- Size
  
  2.5MB
- MD5
  
  c3412f4f0550cc54a1cb8d5fc2659ae4
- SHA1
  
  6eafcbab41f26a41e956c49b3777195c1992714a
- SHA256
  
  eefe846992c0738e9936280e2829f46ca4e2385d376cf1636ea16a62d7ede897
- SHA512
  
  07bd93e0185d961f26162498718da8495771313d5f4ff97de8188d1e299943c0949f5b5e5de31a6b63419d7b78a760a3dfd6b60bdeafc1d7066b12970fc06b3a
- SSDEEP
  
  49152:0CzSQWNzjT67X2Z5zOnfPd5wydwN68DX8WzR70BJ:0CzuE7X2DzAfPSNFX8WzxCJ
Score

10^/10

banload downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

banloaddownloaderdropperevasiontrojan

behavioral2

banloaddownloaderdropperevasiontrojan