banload | 0cf043a3f5fb9235cf1e259bb5a2f019e48878c9921b0b51e277e86128764545 | Triage

Sharing

General

Target

2024-02-09_88ade30e97d083582c99ba9cd5c27d1c_mafia
Size

2.3MB
Sample

240209-gdr3tsgb2y
MD5

88ade30e97d083582c99ba9cd5c27d1c
SHA1

ae3741caaee1b8631217181a02a8e3c41f33896d
SHA256

0cf043a3f5fb9235cf1e259bb5a2f019e48878c9921b0b51e277e86128764545
SHA512

e13e5c29a161bf31c0fda5a8e29e5bf715fd73d0972d1d749eb231ef24aa6abf8081e5cd0c0e42e993666efc33ef41b8f5885a1809bf628320259afb626dabaa
SSDEEP

49152:oGhD20W2umuTgR1vulX5m5TY5bXR3joQBiv:oGd9WY/uxBNXRDBiv

Score

10^/10

banload downloader dropper evasion trojan

Malware Config

Targets

- Target
  
  2024-02-09_88ade30e97d083582c99ba9cd5c27d1c_mafia
- Size
  
  2.3MB
- MD5
  
  88ade30e97d083582c99ba9cd5c27d1c
- SHA1
  
  ae3741caaee1b8631217181a02a8e3c41f33896d
- SHA256
  
  0cf043a3f5fb9235cf1e259bb5a2f019e48878c9921b0b51e277e86128764545
- SHA512
  
  e13e5c29a161bf31c0fda5a8e29e5bf715fd73d0972d1d749eb231ef24aa6abf8081e5cd0c0e42e993666efc33ef41b8f5885a1809bf628320259afb626dabaa
- SSDEEP
  
  49152:oGhD20W2umuTgR1vulX5m5TY5bXR3joQBiv:oGd9WY/uxBNXRDBiv
Score

10^/10

banload downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

banloaddownloaderdropperevasiontrojan

behavioral2

banloaddownloaderdropperevasiontrojan