banload | 6abf9fcec5883b6e4d70810e60bd2d8a133a1a62bc28ca5d17dcc6f45d35214a | Triage

Sharing

General

Target

76468fca3a1a12f2a7852162bd7bc7d0_JaffaCakes118
Size

15.8MB
Sample

240526-v8q1xaec3s
MD5

76468fca3a1a12f2a7852162bd7bc7d0
SHA1

d439bfee804626bcf987cf4f8a1d9cec3abf9fec
SHA256

6abf9fcec5883b6e4d70810e60bd2d8a133a1a62bc28ca5d17dcc6f45d35214a
SHA512

c4608fa71abf1cd7d287e706890df7ce89312af0cde18c00e4dbc0f6f9aa6bccf9323ac975ac520769f6353eb634127214f7122fecacde6ace8dd1adcf7c5d0a
SSDEEP

393216:Jah5U+kSRi+EeHy6VvG9pUKFSb4l8a+0RvGSdHUUMD2:MASJVe9pN6sb5vGwUDC

Score

10^/10

banload downloader dropper evasion trojan

Malware Config

Targets

- Target
  
  76468fca3a1a12f2a7852162bd7bc7d0_JaffaCakes118
- Size
  
  15.8MB
- MD5
  
  76468fca3a1a12f2a7852162bd7bc7d0
- SHA1
  
  d439bfee804626bcf987cf4f8a1d9cec3abf9fec
- SHA256
  
  6abf9fcec5883b6e4d70810e60bd2d8a133a1a62bc28ca5d17dcc6f45d35214a
- SHA512
  
  c4608fa71abf1cd7d287e706890df7ce89312af0cde18c00e4dbc0f6f9aa6bccf9323ac975ac520769f6353eb634127214f7122fecacde6ace8dd1adcf7c5d0a
- SSDEEP
  
  393216:Jah5U+kSRi+EeHy6VvG9pUKFSb4l8a+0RvGSdHUUMD2:MASJVe9pN6sb5vGwUDC
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Dialer.dll
- Size
  
  3KB
- MD5
  
  18adbaf253b4483e59a94be06a9135e9
- SHA1
  
  e096e87c93c80077d9726a585e52af2d46fa61ec
- SHA256
  
  62f01d82e12633f1aa677a6c8c2e34316ab422d240179d8bac8ce6582f84f6f4
- SHA512
  
  2ec8ef2486f631e63ab357420535eca64f7d7c369988967fe46adf58a6f12944de385b8002436b1ddc1e88cbc6968c6981caa0bb10168a073644fd9c2ec87f83
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  714e0ecd29f9ec555f350f38672726c7
- SHA1
  
  555b1492e782d7a30f280f2aecb64c642c1aaad3
- SHA256
  
  21fea4cf18de8e25d0ffa3375699150fcd04e6d470358696f2dffdd3fc09d7f3
- SHA512
  
  ced5814f25b688d1ede5a1395bcca69e1a0cba260104f156dc03de6ebb2015f6d832fed86ac234c36a10a75be33f489a63c8bd6111e3aaf4b078af1d94b00312
- SSDEEP
  
  192:qcOqQ13v5z+dHeMR2QwHu5S9i/yULWWBZYJCSJyejiK72dwF7dBKEw:qcW13v5SdHeMRRKkwseji+BV
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  28052e87fc73e2aad1db2db35eba62e7
- SHA1
  
  72e4c599b45605e36aa5fe7b39caf1eba531328f
- SHA256
  
  ca0b34b6d8ea4638f620f250539301164b6a300f679b96e22a0b1f03f5e56440
- SHA512
  
  7759923e6c29a43dedee73ae0540d47b33a2861d6f3c0520deb90d068978494dbf01dde2974413699b2008306dbd753bdefdb5a78d4745d064ad6a5a3163fed2
- SSDEEP
  
  96:VgiqVPb3X8K8Kdr3gEq6nNdMk6Qiw290+q6LDtJ1tK3hhEl7y:VgiqVPgK8K9eIdE9B/tWhg7
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  960a5c48e25cf2bca332e74e11d825c9
- SHA1
  
  da35c6816ace5daf4c6c1d57b93b09a82ecdc876
- SHA256
  
  484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2
- SHA512
  
  cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da
- SSDEEP
  
  192:jVL7iZJX76BiqsO7+UZEw+RlthVEoC0O3XB:g7ssOpZs/hS3X
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsisdl.dll
- Size
  
  14KB
- MD5
  
  a5a4cee2eb89d2687c05ef74299f0dba
- SHA1
  
  b9bff5987be422887f2f402357b47db2288a1a42
- SHA256
  
  cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963
- SHA512
  
  f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0
- SSDEEP
  
  384:yck76gi51kE5aYOMLDC4UnDp9B0Jc5HNw2xE:yck76gibLCMLDLCx04HNVxE
Score

3^/10
behavioral11 behavioral12
- Target
  
  GLWorker.exe
- Size
  
  1.8MB
- MD5
  
  eccc115184103ff4ed6b8d736bda1d48
- SHA1
  
  561fa93f09ddbc1f0e4f7b8d726e4fe6936989bc
- SHA256
  
  b58532b8445c52a332784f320fc3b693988b9702d0ffd280282a8f6b07b02afb
- SHA512
  
  aa823ed1d0d2ec9fdb0d909ab76d1ffca0dad61f0bcd878cf3607ace21a8c2148245af135c1f831c92b7e688b6603cde959e1a5f54e1c615ca3ab433feb79e6b
- SSDEEP
  
  49152:xzroXxa1qMtyV1MtlfJTNbVCyVOnfPd5wydww:xzroXxa1qX81bVDVAfPSw
Score

10^/10

banload downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral13 behavioral14
- Target
  
  PictoWords.ifn
- Size
  
  3.3MB
- MD5
  
  6b4fa8b84b8736d7443105c94b7d0d69
- SHA1
  
  54918bedcaa3cb472c8cf4d7224682a3585333ca
- SHA256
  
  44c2a21ace6dbe42a5d41acebc2d9a357f11e73134e3bab60f394cc5512e753e
- SHA512
  
  ca449b683c3d18309210fc34474a12ae1e6280b980cb00a22cbcaadf7669cb4095468918c9913e5558b25148ee9d1c9ba1fa6df66c9b67e1352e1f1e88a6c6b9
- SSDEEP
  
  98304:IEE/Obvu8AfPS+u7tx5frlsMAbY4gQFwl2Uz:IEEEulvu75r2M2Y4gQF+Fz
Score

10^/10

banload downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
behavioral15 behavioral16
- Target
  
  Uninstall.exe
- Size
  
  85KB
- MD5
  
  1051242fb44103a5534ff0356c1b00fb
- SHA1
  
  513bf55b6813bd9ff19ca7bf2b6979a3ef8b5b1d
- SHA256
  
  a5d85bfcb4373db41295deef8d54f4591edf69403d6bb709a5ccd861455d1af7
- SHA512
  
  54670c286816ab9b853eaad0ca928e69e061eb233fa3979c2dd37fae379e50a4cc86f67504c2b0205df23c30ef2218edd23ba68caa72c5495aeeeb338728f74a
- SSDEEP
  
  1536:QCaIoX1oYOcbTMV88TXJLEDnnrmnx36FPhjtxQsOk63dcBuX6gSzR/7N:QCaZ2Yrb0VTXJYDnqxwZWX3we6Z9R
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  714e0ecd29f9ec555f350f38672726c7
- SHA1
  
  555b1492e782d7a30f280f2aecb64c642c1aaad3
- SHA256
  
  21fea4cf18de8e25d0ffa3375699150fcd04e6d470358696f2dffdd3fc09d7f3
- SHA512
  
  ced5814f25b688d1ede5a1395bcca69e1a0cba260104f156dc03de6ebb2015f6d832fed86ac234c36a10a75be33f489a63c8bd6111e3aaf4b078af1d94b00312
- SSDEEP
  
  192:qcOqQ13v5z+dHeMR2QwHu5S9i/yULWWBZYJCSJyejiK72dwF7dBKEw:qcW13v5SdHeMRRKkwseji+BV
Score

3^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  960a5c48e25cf2bca332e74e11d825c9
- SHA1
  
  da35c6816ace5daf4c6c1d57b93b09a82ecdc876
- SHA256
  
  484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2
- SHA512
  
  cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da
- SSDEEP
  
  192:jVL7iZJX76BiqsO7+UZEw+RlthVEoC0O3XB:g7ssOpZs/hS3X
Score

3^/10
behavioral21 behavioral22

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

banloaddownloaderdropperevasiontrojan

behavioral14

banloaddownloaderdropperevasiontrojan

behavioral15

banloaddownloaderdropperevasiontrojan

behavioral16

banloaddownloaderdropperevasiontrojan

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22