banload | 4fc6dbe47c2036a3e2b6ec5c8ed36ea608c30561ed8adaf89c849c3d51aeb8c0 | Triage

Sharing

General

Target

2024-04-26_8f1c9e521607a16703b6150237932720_mafia_magniber_qakbot
Size

3.4MB
Sample

240426-gf3bksae2s
MD5

8f1c9e521607a16703b6150237932720
SHA1

591edd5b57a0983c38e094508ece6e25931b9d8b
SHA256

4fc6dbe47c2036a3e2b6ec5c8ed36ea608c30561ed8adaf89c849c3d51aeb8c0
SHA512

eb2bac2be3901675adf0805ebc57274beb5ace6439d3d71be05bace21b7582893fa17c59b02c071f12ed4aa368c84f9c894fa597eebebc610a3c856e334809f0
SSDEEP

98304:4GPMSrgibDEJaQGoh0PtQAiW7Htm+4s5bNLt:4irgGEJvKHHt3HB

Score

10^/10

banload downloader dropper evasion trojan

Malware Config

Targets

- Target
  
  2024-04-26_8f1c9e521607a16703b6150237932720_mafia_magniber_qakbot
- Size
  
  3.4MB
- MD5
  
  8f1c9e521607a16703b6150237932720
- SHA1
  
  591edd5b57a0983c38e094508ece6e25931b9d8b
- SHA256
  
  4fc6dbe47c2036a3e2b6ec5c8ed36ea608c30561ed8adaf89c849c3d51aeb8c0
- SHA512
  
  eb2bac2be3901675adf0805ebc57274beb5ace6439d3d71be05bace21b7582893fa17c59b02c071f12ed4aa368c84f9c894fa597eebebc610a3c856e334809f0
- SSDEEP
  
  98304:4GPMSrgibDEJaQGoh0PtQAiW7Htm+4s5bNLt:4irgGEJvKHHt3HB
Score

10^/10

banload downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

banloaddownloaderdropperevasiontrojan

behavioral2

banloaddownloaderdropperevasiontrojan