banload | 752fa6e4b62d30146d4639d84307a5cbbd74ef990305327cd15c7a6f070d53e4 | Triage

Sharing

General

Target

0e37aa08c3aa86989636f438c2f2bada_JaffaCakes118
Size

9.2MB
Sample

240502-l9yygaef6t
MD5

0e37aa08c3aa86989636f438c2f2bada
SHA1

561749c9926c5f9e9707e943f90010e7dd980311
SHA256

752fa6e4b62d30146d4639d84307a5cbbd74ef990305327cd15c7a6f070d53e4
SHA512

ba7165fc9ad1d42c8d6716c6e48a2d01b5be2ce3b1cbb7e95c6e106ff016f66b84575734020d20e099ea1efc8268b686ee2244abdfe4e90e3d08d960dd19e3b9
SSDEEP

196608:4Op9SL+Q3fRDXIskiz6hKZsQjvjSqCBHUfxNXlsLnrbH9ySDNjAcg:4OpQ5ciyKDjj3CBHUfxdgn3HUuNjS

Score

10^/10

banload downloader dropper evasion trojan

Malware Config

Targets

- Target
  
  0e37aa08c3aa86989636f438c2f2bada_JaffaCakes118
- Size
  
  9.2MB
- MD5
  
  0e37aa08c3aa86989636f438c2f2bada
- SHA1
  
  561749c9926c5f9e9707e943f90010e7dd980311
- SHA256
  
  752fa6e4b62d30146d4639d84307a5cbbd74ef990305327cd15c7a6f070d53e4
- SHA512
  
  ba7165fc9ad1d42c8d6716c6e48a2d01b5be2ce3b1cbb7e95c6e106ff016f66b84575734020d20e099ea1efc8268b686ee2244abdfe4e90e3d08d960dd19e3b9
- SSDEEP
  
  196608:4Op9SL+Q3fRDXIskiz6hKZsQjvjSqCBHUfxNXlsLnrbH9ySDNjAcg:4OpQ5ciyKDjj3CBHUfxdgn3HUuNjS
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Dialer.dll
- Size
  
  3KB
- MD5
  
  18adbaf253b4483e59a94be06a9135e9
- SHA1
  
  e096e87c93c80077d9726a585e52af2d46fa61ec
- SHA256
  
  62f01d82e12633f1aa677a6c8c2e34316ab422d240179d8bac8ce6582f84f6f4
- SHA512
  
  2ec8ef2486f631e63ab357420535eca64f7d7c369988967fe46adf58a6f12944de385b8002436b1ddc1e88cbc6968c6981caa0bb10168a073644fd9c2ec87f83
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  714e0ecd29f9ec555f350f38672726c7
- SHA1
  
  555b1492e782d7a30f280f2aecb64c642c1aaad3
- SHA256
  
  21fea4cf18de8e25d0ffa3375699150fcd04e6d470358696f2dffdd3fc09d7f3
- SHA512
  
  ced5814f25b688d1ede5a1395bcca69e1a0cba260104f156dc03de6ebb2015f6d832fed86ac234c36a10a75be33f489a63c8bd6111e3aaf4b078af1d94b00312
- SSDEEP
  
  192:qcOqQ13v5z+dHeMR2QwHu5S9i/yULWWBZYJCSJyejiK72dwF7dBKEw:qcW13v5SdHeMRRKkwseji+BV
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  28052e87fc73e2aad1db2db35eba62e7
- SHA1
  
  72e4c599b45605e36aa5fe7b39caf1eba531328f
- SHA256
  
  ca0b34b6d8ea4638f620f250539301164b6a300f679b96e22a0b1f03f5e56440
- SHA512
  
  7759923e6c29a43dedee73ae0540d47b33a2861d6f3c0520deb90d068978494dbf01dde2974413699b2008306dbd753bdefdb5a78d4745d064ad6a5a3163fed2
- SSDEEP
  
  96:VgiqVPb3X8K8Kdr3gEq6nNdMk6Qiw290+q6LDtJ1tK3hhEl7y:VgiqVPgK8K9eIdE9B/tWhg7
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  960a5c48e25cf2bca332e74e11d825c9
- SHA1
  
  da35c6816ace5daf4c6c1d57b93b09a82ecdc876
- SHA256
  
  484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2
- SHA512
  
  cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da
- SSDEEP
  
  192:jVL7iZJX76BiqsO7+UZEw+RlthVEoC0O3XB:g7ssOpZs/hS3X
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsisdl.dll
- Size
  
  14KB
- MD5
  
  a5a4cee2eb89d2687c05ef74299f0dba
- SHA1
  
  b9bff5987be422887f2f402357b47db2288a1a42
- SHA256
  
  cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963
- SHA512
  
  f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0
- SSDEEP
  
  384:yck76gi51kE5aYOMLDC4UnDp9B0Jc5HNw2xE:yck76gibLCMLDLCx04HNVxE
Score

3^/10
behavioral11 behavioral12
- Target
  
  GLWorker.exe
- Size
  
  1.8MB
- MD5
  
  58d68c5de9c49583b535d80b37a2c86b
- SHA1
  
  5f2b40ab7fed681887dc80ad4ac0f209429ac5a0
- SHA256
  
  d826fa07343d92e0aa0bb8bfad1476787267b77a98d0497630dbcc2175f02ff0
- SHA512
  
  193f537553b74626bc5d0cd5020927789b07c0aef5bfe2e01e22dbdb56cf607c107a3c63b1a86afc659d23e09be6bcb16fa5d76d6565962d6e80ffcb4e770b0f
- SSDEEP
  
  49152:mvMW2NU1HlwunfJTYCtxJ/vPiLU0q5VWy7EeNk:m0hNOFwuDtxJ/vPiAPtQAk
Score

10^/10

banload downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral13 behavioral14
- Target
  
  MagicMatch.ifn
- Size
  
  2.3MB
- MD5
  
  3deb3bddeb79506709558f971f9858d3
- SHA1
  
  f35c86873e2b55d9804167f8837801b721db848f
- SHA256
  
  cb2a6d6eeb5924b1a880e286358a6ab805d778914c78ea48b0fc3263c4b5f98e
- SHA512
  
  5a5cb5eb090aab2abbb3abdc160744427662194660c6c1fe5450d7ce24d64f083d12e8801a1bcd2e7a996c0d321c7f83045edad8d113c6b067d0c1ee58cc6b3d
- SSDEEP
  
  49152:nZ4KW+gGSIYPRZfoTGWdajO0VsUPH00q5VWy7EeN0eoktgvHgfz/P+ZgHuN:nyd+VQPRdAajO0VsOUPtQAU0gvy/P+uC
Score

10^/10

banload downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral15 behavioral16
- Target
  
  Uninstall.exe
- Size
  
  99KB
- MD5
  
  938a3a38a1f3305e267f050f4567e259
- SHA1
  
  5f39937c32ace402530c93a8ec445ebcfe2bfdd1
- SHA256
  
  081b40881c097faa045087133cd2353386c1066f95a3f2ec2ef10a9909f3f12c
- SHA512
  
  ffe97f9960fb28d68dd9659589f01894064207b2e38d23401181bc021dc6cbfa6f920010c65938e0d020068ff414fddeb7ebc190471153f420752e8581b3c86b
- SSDEEP
  
  3072:X5TDpNFVbxDSXJF3BaVHhiLas+rgHjoc2YvH+mN:X57Tcf3BcHhkTO/nYvB
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  714e0ecd29f9ec555f350f38672726c7
- SHA1
  
  555b1492e782d7a30f280f2aecb64c642c1aaad3
- SHA256
  
  21fea4cf18de8e25d0ffa3375699150fcd04e6d470358696f2dffdd3fc09d7f3
- SHA512
  
  ced5814f25b688d1ede5a1395bcca69e1a0cba260104f156dc03de6ebb2015f6d832fed86ac234c36a10a75be33f489a63c8bd6111e3aaf4b078af1d94b00312
- SSDEEP
  
  192:qcOqQ13v5z+dHeMR2QwHu5S9i/yULWWBZYJCSJyejiK72dwF7dBKEw:qcW13v5SdHeMRRKkwseji+BV
Score

3^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  960a5c48e25cf2bca332e74e11d825c9
- SHA1
  
  da35c6816ace5daf4c6c1d57b93b09a82ecdc876
- SHA256
  
  484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2
- SHA512
  
  cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da
- SSDEEP
  
  192:jVL7iZJX76BiqsO7+UZEw+RlthVEoC0O3XB:g7ssOpZs/hS3X
Score

3^/10
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

banloaddownloaderdropperevasiontrojan

behavioral14

banloaddownloaderdropperevasiontrojan

behavioral15

banloaddownloaderdropperevasiontrojan

behavioral16

banloaddownloaderdropperevasiontrojan

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22