banload | 6d52424ffe9949314bc287200d4239c1adf5a11b548867a9a878da006d5e0f50 | Triage

Sharing

General

Target

6d52424ffe9949314bc287200d4239c1adf5a11b548867a9a878da006d5e0f50
Size

7.2MB
Sample

240325-qspexshd42
MD5

1f07c6382f947a70c8f87480ebf10a82
SHA1

17900fdec9d5c3ca3011234bb99902b0774321fd
SHA256

6d52424ffe9949314bc287200d4239c1adf5a11b548867a9a878da006d5e0f50
SHA512

5620c2d221de0ac6de0a69efe60247d0cf4d90228306a7b5202d1e95d1caadc4ecb97f75a2617f5c896ecdb9f43e22a103d36c1718714e74fd7253f601119d5d
SSDEEP

196608:JVV69WJGjbavkSEXjF/f4E/7KgfBaQh7dF/d:JVV68JU+x+FH+gZaq5X

Score

10^/10

banload downloader dropper evasion trojan

Malware Config

Targets

- Target
  
  6d52424ffe9949314bc287200d4239c1adf5a11b548867a9a878da006d5e0f50
- Size
  
  7.2MB
- MD5
  
  1f07c6382f947a70c8f87480ebf10a82
- SHA1
  
  17900fdec9d5c3ca3011234bb99902b0774321fd
- SHA256
  
  6d52424ffe9949314bc287200d4239c1adf5a11b548867a9a878da006d5e0f50
- SHA512
  
  5620c2d221de0ac6de0a69efe60247d0cf4d90228306a7b5202d1e95d1caadc4ecb97f75a2617f5c896ecdb9f43e22a103d36c1718714e74fd7253f601119d5d
- SSDEEP
  
  196608:JVV69WJGjbavkSEXjF/f4E/7KgfBaQh7dF/d:JVV68JU+x+FH+gZaq5X
Score

10^/10

banload downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

banloaddownloaderdropperevasiontrojan

behavioral2

banloaddownloaderdropperevasiontrojan