banload | f6531722562c5c9a76b1da477587106c0ef92f26643280b7c993150d6065cf92 | Triage

Sharing

General

Target

2024-03-22_91f0a3e77e57a05bf18edcaf747f096e_mafia
Size

6.6MB
Sample

240322-3mpvqaae36
MD5

91f0a3e77e57a05bf18edcaf747f096e
SHA1

f0ca1fae63c790d622633854eff6a4cac4fdbf6d
SHA256

f6531722562c5c9a76b1da477587106c0ef92f26643280b7c993150d6065cf92
SHA512

82d3b038c6d2182b814730ed9d096370087d3c0082940116a81a94009d2147b1217fbf97c118dd44da901c25138a29824586c7c9f056ed6f27bca3f51f9828b1
SSDEEP

196608:eRXpv54euJpb9mOtQqkaFj2Qbww54dkrX:eRXpv54eg95rCgwwWdkr

Score

10^/10

banload downloader dropper evasion trojan

Malware Config

Targets

- Target
  
  2024-03-22_91f0a3e77e57a05bf18edcaf747f096e_mafia
- Size
  
  6.6MB
- MD5
  
  91f0a3e77e57a05bf18edcaf747f096e
- SHA1
  
  f0ca1fae63c790d622633854eff6a4cac4fdbf6d
- SHA256
  
  f6531722562c5c9a76b1da477587106c0ef92f26643280b7c993150d6065cf92
- SHA512
  
  82d3b038c6d2182b814730ed9d096370087d3c0082940116a81a94009d2147b1217fbf97c118dd44da901c25138a29824586c7c9f056ed6f27bca3f51f9828b1
- SSDEEP
  
  196608:eRXpv54euJpb9mOtQqkaFj2Qbww54dkrX:eRXpv54eg95rCgwwWdkr
Score

10^/10

banload downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

banloaddownloaderdropperevasiontrojan

behavioral2

banloaddownloaderdropperevasiontrojan