banload | 2f63ea2f8d55438bed7b987aa258104ab53303c4dbaeae0dd04e01b4a9e326b5 | Triage

Submit
Reports

Overview

overview

Static

static

1

133058c98d...18.exe

windows7-x64

8

133058c98d...18.exe

windows10-2004-x64

Sharing

General

Target

133058c98d2a52a8b72fced973662366_JaffaCakes118
Size

98KB
Sample

240504-r6d2sabg68
MD5

133058c98d2a52a8b72fced973662366
SHA1

aa9f6e344e4dd1722adeb9adfa5943022afae627
SHA256

2f63ea2f8d55438bed7b987aa258104ab53303c4dbaeae0dd04e01b4a9e326b5
SHA512

69f42279164c1f836cc279f364acfa5f329e8c718435b4fc17ff2e941e163e0dde920ff7f00e88dbf8dc09c250385d414d639c8664582bf0bd6fb2de0b98e085
SSDEEP

1536:cTXB+5p3Bi+HpM4tmJIxqG0/7vd8xUxPpZzmbOcVf2nxqG0/7vdV8:cTs3BxJNmJIxqdLdT/ZzmKZxqdLdC

Score

10^/10

banload discovery downloader dropper evasion spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

133058c98d2a52a8b72fced973662366_JaffaCakes118.exe

Resource

win7-20240221-en

discovery spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

133058c98d2a52a8b72fced973662366_JaffaCakes118.exe

Resource

win10v2004-20240419-en

banload discovery downloader dropper evasion spyware stealer trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  133058c98d2a52a8b72fced973662366_JaffaCakes118
- Size
  
  98KB
- MD5
  
  133058c98d2a52a8b72fced973662366
- SHA1
  
  aa9f6e344e4dd1722adeb9adfa5943022afae627
- SHA256
  
  2f63ea2f8d55438bed7b987aa258104ab53303c4dbaeae0dd04e01b4a9e326b5
- SHA512
  
  69f42279164c1f836cc279f364acfa5f329e8c718435b4fc17ff2e941e163e0dde920ff7f00e88dbf8dc09c250385d414d639c8664582bf0bd6fb2de0b98e085
- SSDEEP
  
  1536:cTXB+5p3Bi+HpM4tmJIxqG0/7vd8xUxPpZzmbOcVf2nxqG0/7vdV8:cTs3BxJNmJIxqdLdT/ZzmKZxqdLdC
Score

10^/10

discovery spyware stealer banload downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

banloaddiscoverydownloaderdropperevasionspywarestealertrojan

© 2018-2025

Terms | Privacy