banload | cca4dddf00a65075d6f88a25ada6debac628685c2d8385ed3add0c2b9cdd5a1a | Triage

Sharing

General

Target

2024-04-12_4f101a5c84ca77b0ac943ae68d83b14d_magniber
Size

3.8MB
Sample

240412-gf3x4sba9s
MD5

4f101a5c84ca77b0ac943ae68d83b14d
SHA1

3ddb4efac8d63b87ddf0c68b3a119be1df2690a8
SHA256

cca4dddf00a65075d6f88a25ada6debac628685c2d8385ed3add0c2b9cdd5a1a
SHA512

fdb279c4aebed2e5bd7f3357c101d754eb2d11e5b1b9b56689c1e4370737e3be71cb40a967ae90fdd5a49675420f21f47bfe2decab902ef0ce642f846b1c4760
SSDEEP

98304:zMUcTABuTfaS3bYmh3XYeZh8gK/0zCN/dydtH7:zMUEeuTfasb33XPZatc+lUdtH7

Score

10^/10

banload downloader dropper evasion trojan

Malware Config

Targets

- Target
  
  2024-04-12_4f101a5c84ca77b0ac943ae68d83b14d_magniber
- Size
  
  3.8MB
- MD5
  
  4f101a5c84ca77b0ac943ae68d83b14d
- SHA1
  
  3ddb4efac8d63b87ddf0c68b3a119be1df2690a8
- SHA256
  
  cca4dddf00a65075d6f88a25ada6debac628685c2d8385ed3add0c2b9cdd5a1a
- SHA512
  
  fdb279c4aebed2e5bd7f3357c101d754eb2d11e5b1b9b56689c1e4370737e3be71cb40a967ae90fdd5a49675420f21f47bfe2decab902ef0ce642f846b1c4760
- SSDEEP
  
  98304:zMUcTABuTfaS3bYmh3XYeZh8gK/0zCN/dydtH7:zMUEeuTfasb33XPZatc+lUdtH7
Score

10^/10

banload downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

banloaddownloaderdropperevasiontrojan

behavioral2

banloaddownloaderdropperevasiontrojan