Overview

overview

10

Static

static

3

2024-05-03...il.exe

windows7-x64

10

2024-05-03...il.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-05-03_60aeb282b4d569f26e42bbd74325dde7_mafia_magniber_revil

  • Size

    9.6MB

  • Sample

    240503-wl4h6afc24

  • MD5

    60aeb282b4d569f26e42bbd74325dde7

  • SHA1

    0057fb805d9bc925ae241679294175c13ae49bc7

  • SHA256

    2e5178321fa590277b0e9e607c78eeb30481abf8c367446f76a98a60c35ab867

  • SHA512

    715329d8d33e5aad0dc73138e79f3e288ac267fc2ed77f1d7a147dfb883951fa2e70ce2b7db07f07097bd52f331f76de0b270e5bd31f1b466693b8226d43be69

  • SSDEEP

    196608:S+SYrVq63pwLfqeopHrD0siLAKhiCH3Kaimdmr6HGvHTUBDFpg//Npp:S+SYrVq6ZwLfqhp/0TLAKJXfSr6HCHTd

Score
10/10
banloaddownloaderdropperevasiontrojan

Malware Config

Targets

    • Target

      2024-05-03_60aeb282b4d569f26e42bbd74325dde7_mafia_magniber_revil

    • Size

      9.6MB

    • MD5

      60aeb282b4d569f26e42bbd74325dde7

    • SHA1

      0057fb805d9bc925ae241679294175c13ae49bc7

    • SHA256

      2e5178321fa590277b0e9e607c78eeb30481abf8c367446f76a98a60c35ab867

    • SHA512

      715329d8d33e5aad0dc73138e79f3e288ac267fc2ed77f1d7a147dfb883951fa2e70ce2b7db07f07097bd52f331f76de0b270e5bd31f1b466693b8226d43be69

    • SSDEEP

      196608:S+SYrVq63pwLfqeopHrD0siLAKhiCH3Kaimdmr6HGvHTUBDFpg//Npp:S+SYrVq6ZwLfqhp/0TLAKJXfSr6HCHTd

    Score
    10/10
    banloaddownloaderdropperevasiontrojan

    • Banload

      Banload variants download malicious files, then install and execute the files.

      trojandropperdownloaderbanload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks