banload | ce49f7e778a5890e41f91f6d4545dd8b4ceb0ce99af4b5694441e670ac7b7aba | Triage

Sharing

General

Target

2024-04-10_ecec8da81189e1aba1573f407b9ef3b1_mafia_magniber
Size

6.1MB
Sample

240410-elk85sgb8x
MD5

ecec8da81189e1aba1573f407b9ef3b1
SHA1

d77490f97d374306eb43b7bf2395cac791d358c0
SHA256

ce49f7e778a5890e41f91f6d4545dd8b4ceb0ce99af4b5694441e670ac7b7aba
SHA512

9c1547d827af970714863f6a45896fbec083f252fc370b55e9befbd935dd81fb592ead53cede4d716f50cd1666edcf21179b5b529cb81d5585eb4609f285b109
SSDEEP

196608:48GfreYpPnswIItnpon1NDgM5DFLOyomFHKnP:48GfSWnsadpuRF

Score

10^/10

banload downloader dropper evasion trojan

Malware Config

Targets

- Target
  
  2024-04-10_ecec8da81189e1aba1573f407b9ef3b1_mafia_magniber
- Size
  
  6.1MB
- MD5
  
  ecec8da81189e1aba1573f407b9ef3b1
- SHA1
  
  d77490f97d374306eb43b7bf2395cac791d358c0
- SHA256
  
  ce49f7e778a5890e41f91f6d4545dd8b4ceb0ce99af4b5694441e670ac7b7aba
- SHA512
  
  9c1547d827af970714863f6a45896fbec083f252fc370b55e9befbd935dd81fb592ead53cede4d716f50cd1666edcf21179b5b529cb81d5585eb4609f285b109
- SSDEEP
  
  196608:48GfreYpPnswIItnpon1NDgM5DFLOyomFHKnP:48GfSWnsadpuRF
Score

10^/10

banload downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

banloaddownloaderdropperevasiontrojan

behavioral2

banloaddownloaderdropperevasiontrojan