Overview

overview

10

Static

static

3

31AA8EC187...9B.exe

windows7-x64

7

31AA8EC187...9B.exe

windows10-2004-x64

7

4B356B88FB...64.exe

windows7-x64

7

4B356B88FB...64.exe

windows10-2004-x64

7

5F71BE645E...BE.exe

windows7-x64

10

5F71BE645E...BE.exe

windows10-2004-x64

10

AFD4216E93...72.exe

windows7-x64

10

AFD4216E93...72.exe

windows10-2004-x64

10

B4362FCD75...77.exe

windows7-x64

7

B4362FCD75...77.exe

windows10-2004-x64

7

BA8909EEF5...56.exe

windows7-x64

7

BA8909EEF5...56.exe

windows10-2004-x64

7

DE7CED2745...59.exe

windows7-x64

7

DE7CED2745...59.exe

windows10-2004-x64

7

$PLUGINSDI...on.dll

windows7-x64

3

$PLUGINSDI...on.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    26-03-2024 12:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AFD4216E93A82FEEBAFD3A68E9308CA4B0B54372.exe

  • Size

    3.6MB

  • MD5

    8ac04f77862e7778b0950e2beb397b79

  • SHA1

    afd4216e93a82feebafd3a68e9308ca4b0b54372

  • SHA256

    09d9b2d16b2ca0fe53edf26d1f22496d0205951a0be56c08625c9ffce365a35a

  • SHA512

    61b386403ca5399d790c3cfed2f9983d553f14ebf375f505f5db20240d5c4b34be72cb87c847c36f522b36af7aa95a8bfa04d56183eb059372b8748fc1543a40

  • SSDEEP

    49152:vi1yfyR535FTZJjPprVaHSVYdCdme3iN5l67MV4FeWaQgjJlwTnUkcNVuV9zwu:vi17RJJFKCdmeSN5lp6gtl

Score
10/10
banloaddownloaderdropperevasiontrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Modifies registry class 4 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AFD4216E93A82FEEBAFD3A68E9308CA4B0B54372.exe
    "C:\Users\Admin\AppData\Local\Temp\AFD4216E93A82FEEBAFD3A68E9308CA4B0B54372.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious use of AdjustPrivilegeToken
    PID:2376

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2376-0-0x0000000000400000-0x0000000000A7A000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/2376-1-0x00000000035D0000-0x00000000037D0000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2376-7-0x00000000035D0000-0x00000000037D0000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2376-13-0x0000000000400000-0x0000000000A7A000-memory.dmp

    Filesize

    6.5MB

    Download