banload | fb989b3de2b734516563e991a9565152f5751b3a936db4154920cf52bf1268b5 | Triage

Sharing

General

Target

2024-04-24_3dd1d1f8c7c7ea5fe6f7a581f78dc8e7_mafia_magniber
Size

4.5MB
Sample

240424-xgtntsfc5x
MD5

3dd1d1f8c7c7ea5fe6f7a581f78dc8e7
SHA1

63f4b9221a1e9c36985708440b0f7d23cd6d76d3
SHA256

fb989b3de2b734516563e991a9565152f5751b3a936db4154920cf52bf1268b5
SHA512

3dcf719101db35c4c13eaf25df64d1b84ac0ebc62ed9532276314371095e409d0d354f8d9fa144a6a312008e1f9e3142c6f823616884f7b197816467d38512f1
SSDEEP

98304:YxzEd6yGG7v63VumcPtQAH8nYJxHbgEqYyjW:Y1Ed6W7vayv8nYLdA

Score

10^/10

banload downloader dropper evasion trojan

Malware Config

Targets

- Target
  
  2024-04-24_3dd1d1f8c7c7ea5fe6f7a581f78dc8e7_mafia_magniber
- Size
  
  4.5MB
- MD5
  
  3dd1d1f8c7c7ea5fe6f7a581f78dc8e7
- SHA1
  
  63f4b9221a1e9c36985708440b0f7d23cd6d76d3
- SHA256
  
  fb989b3de2b734516563e991a9565152f5751b3a936db4154920cf52bf1268b5
- SHA512
  
  3dcf719101db35c4c13eaf25df64d1b84ac0ebc62ed9532276314371095e409d0d354f8d9fa144a6a312008e1f9e3142c6f823616884f7b197816467d38512f1
- SSDEEP
  
  98304:YxzEd6yGG7v63VumcPtQAH8nYJxHbgEqYyjW:Y1Ed6W7vayv8nYLdA
Score

10^/10

banload downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

banloaddownloaderdropperevasiontrojan

behavioral2

banloaddownloaderdropperevasiontrojan