banload | 1bd3337a6c10520e8102e166f70981851b2e6144a3c600c23711c7de84af2b18 | Triage

Sharing

General

Target

1bd3337a6c10520e8102e166f70981851b2e6144a3c600c23711c7de84af2b18
Size

5.3MB
Sample

240326-p8aq2aah29
MD5

5213e9fce595e4447ae593279d6f3b5b
SHA1

76d958b5940c6495d8331e7957ca0fc1118303f1
SHA256

1bd3337a6c10520e8102e166f70981851b2e6144a3c600c23711c7de84af2b18
SHA512

18e36db588caffac95b220001f6ffcebf4e14f6ac105a5ef2d0e5dc3acda560c2a76fc9c87be9da8f12251bdd66350a4e05526d44f5af039977857c182e1ab8a
SSDEEP

98304:DftzjPppbCngAHiMqZMqGCOmvXG6rDpNxpTF70+tC4hN4k:z5VMnkZGd426DpNxpXA4hKk

Score

10^/10

banload downloader dropper evasion trojan

Malware Config

Targets

- Target
  
  31AA8EC187E1241A94127336996F9CB38719EB9B
- Size
  
  404KB
- MD5
  
  226b276b333804a0a5aac78d8e11ddf0
- SHA1
  
  31aa8ec187e1241a94127336996f9cb38719eb9b
- SHA256
  
  ca805825dcaf51d1c45c71258f8ab2a67c4c880a1f252e1cd470832f7f867b54
- SHA512
  
  a9a8dc4aeea8983d62a36e892fb0d96a902e4a53742f5c0d7de9711a7bc356b84c507b8322f1bbbeb5879103ca9824653a32e0d4441227df67b179c911348e3d
- SSDEEP
  
  6144:a3sHlvDPwV6H72Hup4KZLkbQsx8wXxV1FAyaCi89T/WB8U/hcxHFCu0:/dzwVxHf4sQsx5v1FTbTOuE8HsB
Score

7^/10
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  4B356B88FB3A3DCE1F009E4E92CD4A59383E0764
- Size
  
  370KB
- MD5
  
  9146ae0009e78aa23b05850a9027a9f8
- SHA1
  
  4b356b88fb3a3dce1f009e4e92cd4a59383e0764
- SHA256
  
  20de5d0ed1402aac8bfae7b0ef4ace32a3371ba813a1fc6d3fc5ff0a8e9cab43
- SHA512
  
  ce6e0c1ea5ea47f9e81cf81f462c7c91d368a2e654794aff035cf3a9a72b6912722f81a232af826e6e6d21054c697981940ca1f26f6dfc54ce81cd90522e7f54
- SSDEEP
  
  6144:6HZ+m8oNojmtvaP4QAx9uJTrb3NZMHu3RfwAriRkrAd+cyyo0IrQb1WI:6i/PW67ZltsdGfxrQII
Score

7^/10
- Drops startup file
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  5F71BE645E8AC995555A891087B46ED357386DBE
- Size
  
  2.2MB
- MD5
  
  7c9ee8c189f40e2f9ebd2660a2d2f65d
- SHA1
  
  5f71be645e8ac995555a891087b46ed357386dbe
- SHA256
  
  8d963d220e968362d66ebae80e2849dbfb184cc57b6dbb1200c61f217f232326
- SHA512
  
  7b120ed02236604a162d9a4b33a9d9607bc77dd0fd22b9da8491263a14ded73da4d2240338cda844bc0958aa08658e577034962b95ef1cf841b5004d2688d345
- SSDEEP
  
  49152:Up+iN+FctfFTJ1fHo7OnfPd5wydwRBLH0Uz+2X:Up+d01fI7AfPSlzlX
Score

10^/10

banload downloader dropper trojan evasion
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  AFD4216E93A82FEEBAFD3A68E9308CA4B0B54372
- Size
  
  3.6MB
- MD5
  
  8ac04f77862e7778b0950e2beb397b79
- SHA1
  
  afd4216e93a82feebafd3a68e9308ca4b0b54372
- SHA256
  
  09d9b2d16b2ca0fe53edf26d1f22496d0205951a0be56c08625c9ffce365a35a
- SHA512
  
  61b386403ca5399d790c3cfed2f9983d553f14ebf375f505f5db20240d5c4b34be72cb87c847c36f522b36af7aa95a8bfa04d56183eb059372b8748fc1543a40
- SSDEEP
  
  49152:vi1yfyR535FTZJjPprVaHSVYdCdme3iN5l67MV4FeWaQgjJlwTnUkcNVuV9zwu:vi17RJJFKCdmeSN5lp6gtl
Score

10^/10

banload downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral7 behavioral8
- Target
  
  B4362FCD75FD071FC8237C543C56DF5736B8E177
- Size
  
  568KB
- MD5
  
  5f7e9108d4fa09a6cd9c89f39bb51229
- SHA1
  
  b4362fcd75fd071fc8237c543c56df5736b8e177
- SHA256
  
  4f4c13acc77667713aeb86e86a44d5299f52e950e91cbdc8cf5e6663d8d8834f
- SHA512
  
  775138bd9f8bdb1718cb7d9dfd269830b00bc561b7f2c16b4f56f5c848164e9df16f10b4ff30caeabf57d232f15e549a1d4ca7b721c86ae54950648767b33159
- SSDEEP
  
  12288:m/O1fJONiudyOO1oS218FlgvrdNimaL/jNE9HiF:VON/c61Oa7baLJGHiF
Score

7^/10
- Drops startup file
- Suspicious use of SetThreadContext
behavioral10 behavioral9
- Target
  
  BA8909EEF5EE280AE43B935CF4AE38CCF21BDE56
- Size
  
  366KB
- MD5
  
  81597a3dca5e7302766352fdcc2637a2
- SHA1
  
  ba8909eef5ee280ae43b935cf4ae38ccf21bde56
- SHA256
  
  d38d0696798fa5a27fb8ed8aa8b8a865d946aa2d7fee5c926eef97c7fee16f1a
- SHA512
  
  27050fa378b853e85302319ff7418f819abf9d8d006d426b83a5a1b2e084eacd4313e8c081a4be81f330bf2ac759ebc06fcd4c1a8aae776379a0665c311e482f
- SSDEEP
  
  6144:Ci7/WvtFHn58zLfavC+gXIqhboQInFcYy7gDEHHG+0htzeZ9wCXYHmF6UO8:nutQaK+tqmjGztoeZ9wCoHmoUF
Score

7^/10
- Drops startup file
- Suspicious use of SetThreadContext
behavioral11 behavioral12
- Target
  
  DE7CED27456A1E4581D6A4BF126F56061B7F9859
- Size
  
  347KB
- MD5
  
  5fab6fbdff1a72cd5eafdd27b5ee11a9
- SHA1
  
  de7ced27456a1e4581d6a4bf126f56061b7f9859
- SHA256
  
  e7f3335dee2769cf1c920f8977e7bcba6b1cab68a5b66b530ca704c3d32f47d1
- SHA512
  
  c52aca48d67fdd929bbb096c93e5673df38c0698e424724bb8501e75f47e39a9f178699370960bb2a2765ce2be162ba5fc4e3652e233ff3c3980f370b3c52ebd
- SSDEEP
  
  6144:JwHysR3K1IW9ngXmzmBxfNy7CYJ9POvBx1qdDTQ2yoXAVFm5SofXBdh+vzTfsk9:y9WZ901y1J9UqpTQPGZBfFu
Score

7^/10
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/diversion.dll
- Size
  
  20KB
- MD5
  
  481b2eed94394d3942ff75419e585277
- SHA1
  
  1bd2fc36ad7fe4840db4900a1e87694754b9216f
- SHA256
  
  f92af591071b79612550036f8fa711c65aff534e958cdf218731184d064c5899
- SHA512
  
  24bebd15a4396477359a302125cc259efd7c28806393b5d4b11f783f69a1c92f5a951f9d5a446abea64cff2c166681eaa4095f59c772ffc9cdc5ca89ee6eee86
- SSDEEP
  
  384:B5ThVO4xVLZ4YdgZgq6PGZiuf8oaNtTOTrF:LThM6VV4tSqE8f8oaXE
Score

3^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

banloaddownloaderdroppertrojan

behavioral6

banloaddownloaderdropperevasiontrojan

behavioral7

banloaddownloaderdropperevasiontrojan

behavioral8

banloaddownloaderdropperevasiontrojan

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16