banload | 1465ca3cbdda288b2032098fe1fa1f13ef6cfa6109d531b4b659dbafb57fb421 | Triage

Sharing

General

Target

2024-05-09_5a462e8e75bce5a7ecea4283c49ef528_mafia_magniber
Size

3.8MB
Sample

240509-x47h7sdg94
MD5

5a462e8e75bce5a7ecea4283c49ef528
SHA1

96854c763526d7909a17fa996992aab74195cb7d
SHA256

1465ca3cbdda288b2032098fe1fa1f13ef6cfa6109d531b4b659dbafb57fb421
SHA512

85618b66283f0ec425539fbac3b6092096b70e570498e23bd73300dff5473b231423223a15cf883066b64b75e452dd5295bd7cf2a24b46f340c44dcafe83b709
SSDEEP

98304:4Sfg+2KTE30bKbhPtQAecjg7ZIRGUeLFc3Rotc3RoW:4SfhrTEPBGaSUGlXbW

Score

10^/10

banload downloader dropper evasion trojan

Malware Config

Targets

- Target
  
  2024-05-09_5a462e8e75bce5a7ecea4283c49ef528_mafia_magniber
- Size
  
  3.8MB
- MD5
  
  5a462e8e75bce5a7ecea4283c49ef528
- SHA1
  
  96854c763526d7909a17fa996992aab74195cb7d
- SHA256
  
  1465ca3cbdda288b2032098fe1fa1f13ef6cfa6109d531b4b659dbafb57fb421
- SHA512
  
  85618b66283f0ec425539fbac3b6092096b70e570498e23bd73300dff5473b231423223a15cf883066b64b75e452dd5295bd7cf2a24b46f340c44dcafe83b709
- SSDEEP
  
  98304:4Sfg+2KTE30bKbhPtQAecjg7ZIRGUeLFc3Rotc3RoW:4SfhrTEPBGaSUGlXbW
Score

10^/10

banload downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

banloaddownloaderdropperevasiontrojan

behavioral2

banloaddownloaderdropperevasiontrojan