banload | 4e9eb2010a695b87992aba196d895eee1a6c2d53f9c23bea13ed15a3860b0e0b | Triage

Sharing

General

Target

5e67e79705712dbb752ced2a38755195_JaffaCakes118
Size

1.8MB
Sample

240520-lqmq4aef3w
MD5

5e67e79705712dbb752ced2a38755195
SHA1

6d03e027b5075ff19996d8eedf4a32130ef87208
SHA256

4e9eb2010a695b87992aba196d895eee1a6c2d53f9c23bea13ed15a3860b0e0b
SHA512

f7a17d725b70679de458b49e9d87c5e628e70f7a1571972600e33a5c38b6fa1a49f197e5e0398a4fe2a9fb77765d447b9d57243a35ea906f0271d31840ecee82
SSDEEP

49152:803tmtf+pnDYVsWDcbdDuDYBbp6ja42Y+6fD7kg:9M1+9DYVdkMsB4P2S8g

Score

10^/10

banload downloader dropper evasion trojan

Malware Config

Targets

- Target
  
  5e67e79705712dbb752ced2a38755195_JaffaCakes118
- Size
  
  1.8MB
- MD5
  
  5e67e79705712dbb752ced2a38755195
- SHA1
  
  6d03e027b5075ff19996d8eedf4a32130ef87208
- SHA256
  
  4e9eb2010a695b87992aba196d895eee1a6c2d53f9c23bea13ed15a3860b0e0b
- SHA512
  
  f7a17d725b70679de458b49e9d87c5e628e70f7a1571972600e33a5c38b6fa1a49f197e5e0398a4fe2a9fb77765d447b9d57243a35ea906f0271d31840ecee82
- SSDEEP
  
  49152:803tmtf+pnDYVsWDcbdDuDYBbp6ja42Y+6fD7kg:9M1+9DYVdkMsB4P2S8g
Score

3^/10
behavioral1 behavioral2
- Target
  
  DemostrativoExtrato.exe
- Size
  
  2.6MB
- MD5
  
  2341d1b53f57972ec2b804edcc4889fa
- SHA1
  
  9aa4e9be7146e74ff8373ce06fb0ef74800ceb84
- SHA256
  
  bae7127917ef103b10a4cc40338bf49b91e8aeb01271fd15a80c80be1f95adbf
- SHA512
  
  ed2a6bc2545a1b6a6335467d4129fe0cec6ad08594ca6783ce5eacdccd755ba02104ce3196ebd4e989434fcef774646c32e426a208f585bdde7844e0e8ea681a
- SSDEEP
  
  49152:SbYdOEn8rPSTXoUAhKkyYVyq9n0q5VWy7EeNUkRsC2iaKtF+JR:SbI+z3hKkyYVZZPtQAf32wzoR
Score

10^/10

banload downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

banloaddownloaderdropperevasiontrojan

behavioral4

banloaddownloaderdropperevasiontrojan