banload | 86d6bbc9a8b13b6dde27a67fdd0f42858a2138e4e796a5e7cb4f67a490e4e6b9 | Triage

Sharing

General

Target

2024-05-06_51d78fb21ddaecc6bce17d9e977a3fcc_gazer_mafia
Size

4.1MB
Sample

240506-g73rescb7t
MD5

51d78fb21ddaecc6bce17d9e977a3fcc
SHA1

b320faf75aedca3a2135570377a68946147ac95d
SHA256

86d6bbc9a8b13b6dde27a67fdd0f42858a2138e4e796a5e7cb4f67a490e4e6b9
SHA512

9364f9eae67898190fc9af40ae05cc5d2de16c1c0319a4d660d4826a2e687f69a0103c18a8ea92aaa66003d098cb2721174ebb7e80fe0bfbb04bad8db2e8a45c
SSDEEP

98304:uVCRb8icj3z4tZOvPtQA7ghCT/vsGuBXKr:8CRZcj3zXr8dC

Score

10^/10

banload downloader dropper evasion trojan

Malware Config

Targets

- Target
  
  2024-05-06_51d78fb21ddaecc6bce17d9e977a3fcc_gazer_mafia
- Size
  
  4.1MB
- MD5
  
  51d78fb21ddaecc6bce17d9e977a3fcc
- SHA1
  
  b320faf75aedca3a2135570377a68946147ac95d
- SHA256
  
  86d6bbc9a8b13b6dde27a67fdd0f42858a2138e4e796a5e7cb4f67a490e4e6b9
- SHA512
  
  9364f9eae67898190fc9af40ae05cc5d2de16c1c0319a4d660d4826a2e687f69a0103c18a8ea92aaa66003d098cb2721174ebb7e80fe0bfbb04bad8db2e8a45c
- SSDEEP
  
  98304:uVCRb8icj3z4tZOvPtQA7ghCT/vsGuBXKr:8CRZcj3zXr8dC
Score

10^/10

banload downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

banloaddownloaderdropperevasiontrojan

behavioral2

banloaddownloaderdropperevasiontrojan