banload | e96cd76c6b5bd82187ddf657e8daa7dae805d2dd992da217f23d0332d24ea339 | Triage

Sharing

General

Target

6e215bd637ce59ce8ca473ee3c328901_JaffaCakes118
Size

2.3MB
Sample

240524-l1y7wadc42
MD5

6e215bd637ce59ce8ca473ee3c328901
SHA1

c7fd5d9e736f3c5925d210785695d4b807a7a2cc
SHA256

e96cd76c6b5bd82187ddf657e8daa7dae805d2dd992da217f23d0332d24ea339
SHA512

07ff2a4dfd0a162a7ba364108b83f270b1d25400049e99347365fc6b9eabe7cdda8308fa04a2911a2c1af91faa2ddd1da505aee3ea878f153be99f41fd17c759
SSDEEP

49152:DdyOtceaBv0ZHFQTrSuYSXx5HWncDtJGR9ePUJ80Tj7dsdqSiZn+ApZkVui:DdyEcBvWFQ1YSXx53J707dBSifkVt

Score

10^/10

banload downloader dropper evasion persistence trojan

Malware Config

Targets

- Target
  
  Order details 20160612105629.exe
- Size
  
  2.4MB
- MD5
  
  c919f61954ae3fd695c544b81b57cd44
- SHA1
  
  91485e3debd63f969676b004a01d29ee7ee34350
- SHA256
  
  66f1bdc2091129f1bc361e606269bd9754b65f00b12613fc8b298bca0568e2f2
- SHA512
  
  3834eb2cda11830558a73af80d59cde0ef3354f393eb62188ca9de038b277f10f960d591edb3fc9f9678097365bb93f838c3ca1b30bde442e11c4ac05019ba70
- SSDEEP
  
  49152:IyCUpqemBrMxxniTruyASH1hZWJ61fFEfHOvUHuApND72nq+ilMQc+O/Zi/+r:IyCEq1rWni5ASH1/t51An7f+i2QQi/Q
Score

10^/10

banload downloader dropper evasion persistence trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

banloaddownloaderdropperevasionpersistencetrojan

behavioral2

banloaddownloaderdropperevasionpersistencetrojan