banload | 9185716722b68de194c9824edc19aad783e3dddcd9bdcf20248ba81518a45247 | Triage

Sharing

General

Target

7359159bcea6a583452f54893cb66919_JaffaCakes118
Size

2.3MB
Sample

240525-1mwbdsbe8y
MD5

7359159bcea6a583452f54893cb66919
SHA1

e0df94a8bc8260964a13a983084ce487fd1a4bee
SHA256

9185716722b68de194c9824edc19aad783e3dddcd9bdcf20248ba81518a45247
SHA512

28fe90115f78035d5d0723e748b4989fe4b0e2c02a942bfa7931de3f1af5aff9eca24f16fda46ab9cc78af651a10f0baf5345e5ff28aed10d44fd64f5d54d5db
SSDEEP

49152:ZUeE2pXi92oNABETuuig+pIzUmhpbL6f+r0WNSqerZdUTyW4WUXQc:ZpE2pXi0osAiXQ5TL4LzqfWXR

Score

10^/10

banload downloader dropper evasion persistence trojan

Malware Config

Targets

- Target
  
  Order details 20160616041125.exe
- Size
  
  2.3MB
- MD5
  
  9e991c33f9efd867b825c2fe4549b5fb
- SHA1
  
  a7ba6b2e7ee9065078aa1966fe02e2c68be2776e
- SHA256
  
  76b60081e96d6aa0c53ad703aa15ce175b8d92a38984b345898c6a726b769cc3
- SHA512
  
  e4221c5ad82a0adc3db3a77cf2dcd27eb9a55c87862b8b952cf8f1510f08f5a34b357f3d5a31c27c6587befec87a784e76095d8c4a3585d7c951453a45a08e0b
- SSDEEP
  
  49152:Ic6OpPaFwGDGBO/EaoGgF6zOcpbv16h0VOWJ8KyJ7nUPW7OuQn4b:Ic6OpPaWG8Eoxmtt1IzzKCyng
Score

10^/10

evasion persistence banload downloader dropper trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

banloaddownloaderdropperevasionpersistencetrojan