banload | 8ba993f644f24cc3de1acdacdbbc890aab214d73caa580f0e4f5b9b37ac9c8df | Triage

Sharing

General

Target

2024-05-18_12b16e66cba4acc09a0521020a118cb9_mafia
Size

1.9MB
Sample

240518-bezleacd99
MD5

12b16e66cba4acc09a0521020a118cb9
SHA1

0a8f5b8224ee1befa59dfc005acbf9e229a1f737
SHA256

8ba993f644f24cc3de1acdacdbbc890aab214d73caa580f0e4f5b9b37ac9c8df
SHA512

1a1e859f1fd32c73d34cd41d766ea977271f4611a86b2e33a2abb71c218aa7ceb5114ba7a727e72216bf73e348092848aafc42eae9d9a40bc46de31641f78456
SSDEEP

49152:VpO5O2GrjWsGTXfyY3u7uPWXEzTywDDZZ6ntMyMpy7G:VpO6u+mZZWPWGG

Score

10^/10

banload downloader dropper evasion trojan

Malware Config

Targets

- Target
  
  2024-05-18_12b16e66cba4acc09a0521020a118cb9_mafia
- Size
  
  1.9MB
- MD5
  
  12b16e66cba4acc09a0521020a118cb9
- SHA1
  
  0a8f5b8224ee1befa59dfc005acbf9e229a1f737
- SHA256
  
  8ba993f644f24cc3de1acdacdbbc890aab214d73caa580f0e4f5b9b37ac9c8df
- SHA512
  
  1a1e859f1fd32c73d34cd41d766ea977271f4611a86b2e33a2abb71c218aa7ceb5114ba7a727e72216bf73e348092848aafc42eae9d9a40bc46de31641f78456
- SSDEEP
  
  49152:VpO5O2GrjWsGTXfyY3u7uPWXEzTywDDZZ6ntMyMpy7G:VpO6u+mZZWPWGG
Score

10^/10

banload downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

banloaddownloaderdropperevasiontrojan

behavioral2

banloaddownloaderdropperevasiontrojan