banload | hxxp://mf[.]dwnldro[.]com/fs/Y2LwSpNg8s | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

1

http://mf.dwnldro.co...

windows11-21h2-x64

Sharing

General

Target

http://mf.dwnldro.com/fs/Y2LwSpNg8s
Sample

240423-dv1vhscc46

Score

10^/10

banload vidar 048d5e906358321b51376c6237a65c77 downloader dropper evasion persistence stealer trojan

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

http://mf.dwnldro.com/fs/Y2LwSpNg8s

Resource

win11-20240412-en

banload vidar 048d5e906358321b51376c6237a65c77 downloader dropper evasion persistence stealer trojan

windows11-21h2-x64

27 signatures

600 seconds

Malware Config

Extracted

Family

vidar

Botnet

048d5e906358321b51376c6237a65c77

C2

https://redddog.xyz

https://steamcommunity.com/profiles/76561199677575543

https://t.me/snsb82

Attributes

profile_id_v2
048d5e906358321b51376c6237a65c77
user_agent
Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/8.0.500.0 Safari/534.6

Targets

- Target
  
  http://mf.dwnldro.com/fs/Y2LwSpNg8s
Score

10^/10

banload vidar 048d5e906358321b51376c6237a65c77 downloader dropper evasion persistence stealer trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

banloadvidar048d5e906358321b51376c6237a65c77downloaderdropperevasionpersistencestealertrojan

© 2018-2025

Terms | Privacy