banload | a910ae7472c0c439daffa7f4a04ad66986fbb3302a1f02c6fa83146e29e81b07 | Triage

Sharing

General

Target

a910ae7472c0c439daffa7f4a04ad66986fbb3302a1f02c6fa83146e29e81b07
Size

4.2MB
Sample

240523-dcdbhabc4t
MD5

4251d578622b27fc4a1249c331c0d570
SHA1

d71005ca0262a53ac006da0a04022299315ca4b5
SHA256

a910ae7472c0c439daffa7f4a04ad66986fbb3302a1f02c6fa83146e29e81b07
SHA512

bc9eca7a3b179509d70d24b6db8295b69416b84e9ade57136310c7cd65f728a506ab764b8e8c97754af67f6b4e24e7d28630c4c1a731f90c485a9ef4ee06028e
SSDEEP

98304:zvMIpCQmLLByCUl5PtQA0dSh0Mz0rt50ZM8nF:zvMGWLLIZWNRt5/I

Score

10^/10

banload downloader dropper evasion trojan

Malware Config

Targets

- Target
  
  a910ae7472c0c439daffa7f4a04ad66986fbb3302a1f02c6fa83146e29e81b07
- Size
  
  4.2MB
- MD5
  
  4251d578622b27fc4a1249c331c0d570
- SHA1
  
  d71005ca0262a53ac006da0a04022299315ca4b5
- SHA256
  
  a910ae7472c0c439daffa7f4a04ad66986fbb3302a1f02c6fa83146e29e81b07
- SHA512
  
  bc9eca7a3b179509d70d24b6db8295b69416b84e9ade57136310c7cd65f728a506ab764b8e8c97754af67f6b4e24e7d28630c4c1a731f90c485a9ef4ee06028e
- SSDEEP
  
  98304:zvMIpCQmLLByCUl5PtQA0dSh0Mz0rt50ZM8nF:zvMGWLLIZWNRt5/I
Score

10^/10

banload downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

banloaddownloaderdropperevasiontrojan

behavioral2

banloaddownloaderdropperevasiontrojan