banload

Sharing

Copy URL

Twitter E-mail

General

Target

ussm_setup.exe
Size

13.5MB
Sample

240617-qslc9sxblk
MD5

98b8665b96a90c222664747ba5ce87ca
SHA1

978f73a86c03e03082140ce62b8ec9befd8f68f3
SHA256

79d09a008ac61e606845d0e17b4fd423bb584807a5c6ae8eb6584215c6856e7b
SHA512

153adbc03c7fc3172e63433fe21c2df36c162aa67d868f94b2fc5c23c016550378a043acaeeab1fdc0d27ad1cce69393f42a95d4af7880f16eb4ea444ca30585
SSDEEP

393216:TBK1BgFlNlvvA0fEPi4YGplf1oRm5TyEsOPuzffKD:TA1BgFZv4443B1oM5TZs5rW

Score

10^/10

Malware Config

Targets

- Target
  
  ussm_setup.exe
- Size
  
  13.5MB
- MD5
  
  98b8665b96a90c222664747ba5ce87ca
- SHA1
  
  978f73a86c03e03082140ce62b8ec9befd8f68f3
- SHA256
  
  79d09a008ac61e606845d0e17b4fd423bb584807a5c6ae8eb6584215c6856e7b
- SHA512
  
  153adbc03c7fc3172e63433fe21c2df36c162aa67d868f94b2fc5c23c016550378a043acaeeab1fdc0d27ad1cce69393f42a95d4af7880f16eb4ea444ca30585
- SSDEEP
  
  393216:TBK1BgFlNlvvA0fEPi4YGplf1oRm5TyEsOPuzffKD:TA1BgFZv4443B1oM5TZs5rW
Score

10^/10

banload discovery downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1
- Target
  
  $APPDATA/Live Screensaver/$SYSDIR/Ultra Screen Saver.scr
- Size
  
  2.8MB
- MD5
  
  3866bd93ab8c237a9bc5c3d1d047c632
- SHA1
  
  7696fde299a1a1711f13d267f31b0c44a5981e97
- SHA256
  
  c05a3af16e2069e02c3c890d4dda948b0877761c9ec8a240a5e3f79e25c9f8a1
- SHA512
  
  6ef9bbe3987883214cd692f3c5abb432f78e11d965dcf1b9e1b6ed912c96df19644fef812fa69bf32be3741b6660982923568213e65dbe878946206db2a1fcc2
- SSDEEP
  
  49152:m9Qw1oLPt3cjle4VGEkKngXtX1xlH569i+PSE+GNeGarAf3sKDlUMLmV0DaTxV:m9Qw1oLPR0leq5gXtFxlH56Y+PdBN0rr
Score

1^/10
behavioral2
- Target
  
  $PLUGINSDIR/AccessControl.dll
- Size
  
  13KB
- MD5
  
  9e7d36edcc188e166dee9552017ac94f
- SHA1
  
  0378843fe1e7fb2ad97b8432fbdcb44faa6fc48a
- SHA256
  
  d52a83c2a8551cebf48ff7a8d5930be1873bce990f855ccab4d7479cfeb22e3d
- SHA512
  
  92c31355cd124ba28c0ff9aa8fa34d5db9db0b093edb8978bc3cf94e1f72d526603d5d5c1e221dcb2ac6648bc420f4df9847c2b1e71046384d827814a77d1783
- SSDEEP
  
  192:y26NwF1FF8GqdxASZlSOnNGGPCqLXUdadWo2FfTCWWqDsYjGI5hBslft8gWNPjQo:I+8vwSZlgaJ3/4/4Q/bN
Score

3^/10
behavioral3
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  cff85c549d536f651d4fb8387f1976f2
- SHA1
  
  d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
- SHA256
  
  8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
- SHA512
  
  531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
- SSDEEP
  
  192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score

3^/10
behavioral4
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  2f69afa9d17a5245ec9b5bb03d56f63c
- SHA1
  
  e0a133222136b3d4783e965513a690c23826aec9
- SHA256
  
  e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0
- SHA512
  
  bfd4af50e41ebc56e30355c722c2a55540a5bbddb68f1522ef7aabfe4f5f2a20e87fa9677ee3cdb3c0bf5bd3988b89d1224d32c9f23342a16e46c542d8dc0926
Score

3^/10
behavioral5
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  6c3f8c94d0727894d706940a8a980543
- SHA1
  
  0d1bcad901be377f38d579aafc0c41c0ef8dcefd
- SHA256
  
  56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
- SHA512
  
  2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
- SSDEEP
  
  96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
Score

3^/10
behavioral6
- Target
  
  $PLUGINSDIR/nsis_appid.dll
- Size
  
  3KB
- MD5
  
  19071761e91c43c115a16b52458869b7
- SHA1
  
  75ddb807157f1aa31a08f87be0270f60990bcbbc
- SHA256
  
  e9e1ba410636698d666b328eea71346b8287248d262e44da07ce8b5fa24c5e5f
- SHA512
  
  bc0eab51cf27f657cd3fd62a47894ee13f3f561feaa565f16ba15088be39be73c9839a3cf35b538219ec83a03d48970b89258c5f20c37bcaf76438998437786c
Score

3^/10
behavioral7
- Target
  
  $SYSDIR/Live Screensaver.scr
- Size
  
  2.9MB
- MD5
  
  8c78a65d57a66d312e63ac2785fe1c91
- SHA1
  
  c7325ee8ab0ff76e6270ad9e6d41addc448e736d
- SHA256
  
  b5c06208e3101120d70b7e1f84d8bcc169432a94482126a5a9c0ff3565d86aa0
- SHA512
  
  a58542ed77b863992e8d3ed65675b31bb1e7fae9b94d8e7282d3e1e5017d4637ba302ddf6a39b286aa1508e4733fb5a37829f072e39313798afa06881794481e
- SSDEEP
  
  49152:3r9kvdQ2RdiMQdEC2El7AP/Dy5q+66UOE7qmOdGhWTjlPkZlxWeqOMMkA8xeLHAO:3r21Q4cMQdEIl70/DMq+66UOEemOdGhr
Score

1^/10
behavioral8
- Target
  
  ISCC.exe
- Size
  
  854KB
- MD5
  
  272761722fad70322be6d2f89839f329
- SHA1
  
  c894f5d96e81cf5bd8d03d6586c9bd412f508f27
- SHA256
  
  0d02e30a6ad432a50eb86f1ecf330147046e671de340bcb43a170fecbd19bf51
- SHA512
  
  ba4e0ce3a511eff43dce2999bc3905580bc19858dd1e73e5cf1b9dc7a7fa6848d11821e1db8d2af968728f2aebb18ce330cad775b640e718201d6c899b8027ef
- SSDEEP
  
  24576:u4wpMgurJoZlmqQvT3GTAB2wHmjyst5mTjqqIwp:cMgCo2qQb3GTAB2wUKL
Score

1^/10
behavioral9
- Target
  
  ISCmplr.dll
- Size
  
  1.6MB
- MD5
  
  f70a42376ca3c3b6ccec8b1b52f6018d
- SHA1
  
  24d735c4f17514ab9a68fe3344dcf0b23b99e99a
- SHA256
  
  5ea9bb338795bffa33da5581e5fe1c976a561f6dc32105635dcd518fbb5a33b4
- SHA512
  
  051720c8e9b5fa2fb754b361aee8681563d5edce393eb9bab004d496e7d5a2abfffab583936df4e7af24c11ee8f46c6973dbb52e162de0b66f187a057d764bad
- SSDEEP
  
  24576:rsJCEdnJAXtDXwzqbPywkF2SU88/v8MgH6G6ym5t:r3EjARgjU8gmH6G6Z
Score

3^/10
behavioral10
- Target
  
  ISPP.dll
- Size
  
  994KB
- MD5
  
  37f945c55cc916c2cb79eb9b063f9e46
- SHA1
  
  7ef72b485ff971d24d9d98bce4da803a28642768
- SHA256
  
  1be06b60090221d7a7d236d374ab4ff7e6a56013107f806be4bea2b79dad3703
- SHA512
  
  cce739d33e152d1606227d34c8c241954ee0643e9970a8858fad47a97c69986b715932638fa605cae3f639b208deeccc8b01b2ced135103634a830ed91e6af3e
- SSDEEP
  
  24576:+drDH1m8Eo9rep60E835vkQKMP/RXCp6N:+d1m+quEVCA
Score

3^/10
behavioral11
- Target
  
  LiveScreensaver.exe
- Size
  
  2.9MB
- MD5
  
  8c78a65d57a66d312e63ac2785fe1c91
- SHA1
  
  c7325ee8ab0ff76e6270ad9e6d41addc448e736d
- SHA256
  
  b5c06208e3101120d70b7e1f84d8bcc169432a94482126a5a9c0ff3565d86aa0
- SHA512
  
  a58542ed77b863992e8d3ed65675b31bb1e7fae9b94d8e7282d3e1e5017d4637ba302ddf6a39b286aa1508e4733fb5a37829f072e39313798afa06881794481e
- SSDEEP
  
  49152:3r9kvdQ2RdiMQdEC2El7AP/Dy5q+66UOE7qmOdGhWTjlPkZlxWeqOMMkA8xeLHAO:3r21Q4cMQdEIl70/DMq+66UOEemOdGhr
Score

1^/10
behavioral12
- Target
  
  LiveScreensaverCreator.exe
- Size
  
  3.0MB
- MD5
  
  0861956722ac7d6024aa0ea66effdf1a
- SHA1
  
  cbe8cfb187ffe468088d3758c765be4ea7028fe1
- SHA256
  
  a85954f61329d96156841dd47f9a4031c8c235277962150bf08feb159efe1c01
- SHA512
  
  2ebdb5934f39cccab64710a369019d980c118b49bd3808468f57508a9fdbbc3449e994ed8196081abe4f3df641c5ee3686e93bfc17a6edf59f7c3f7ffcfefaec
- SSDEEP
  
  49152:0JTvGfFSxbMMuL60jWz3kTCVk/8Myme34bkhRsZ1SyyIhjzfISSrYo1Y7m7n5ZTG:0VE0VMMk6HFkEMyme34bkhRsZ15h3oFG
Score

1^/10
behavioral13
- Target
  
  Setup.e32
- Size
  
  3.0MB
- MD5
  
  80de36c7c5092a3b21f923d408033df0
- SHA1
  
  55036034ab43264e53b41a7f9582e938e9ec557b
- SHA256
  
  088622096c373250d04e46de5cda072a921a89900c57988bbe52f1e308e48043
- SHA512
  
  4e4a4d6d10f8f3e732806abc9eb9d8f01455325bd92d68c6b195ced23e900c5cbd5931c5a80b8b8e6923a97face299e6965e7a8a7c2c1c6c2921db82c085a959
- SSDEEP
  
  49152:ndx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEjT333TY:sHDYsqiPRhINnq95FoHVBT333T
Score

1^/10
behavioral14
- Target
  
  SetupLdr.e32
- Size
  
  813KB
- MD5
  
  410e3415c9ff3e83d68bdb4a3b513903
- SHA1
  
  c86daeb8822baf3a4889bddbc6aeca0ca25a320c
- SHA256
  
  86154d725c21660f220e957eb6dcaf73ca609eef486dcdce6d5d7c286abd03d5
- SHA512
  
  fcc2f69c1703b0fd0aa07883246909860ecfc6077b8a78a4f0260a5979cd8d5eb56bcbb2bdf734f81ff3012a34cd822f9d380088620784b24b308dfa90a33d22
- SSDEEP
  
  6144:eS005y5u11vsH0Db0cHEdzopG5rgfLNWI0bggvVmHuUiVk2yZ/h2kfYYq4qNrCs6:eS8cmUDowAy0bgTziwE3UCuaWR0Q
Score

1^/10
behavioral15
- Target
  
  islzma.dll
- Size
  
  88KB
- MD5
  
  a3ddc4cd74cc38811ca2ab4c7e51b8f6
- SHA1
  
  07963ac2321779410262fc65ee79395d3e2463a1
- SHA256
  
  0b2e19e473a47e10578b05a2f3b43ad96603f3ee1e397c06a280c3b7458a76e2
- SHA512
  
  baaafbda169958b9855394ffc6063034e73bfe54896a05f5e64fc754d1a72d3a45d55d665c6d71e325c9433116db769bc1913cc83327c6a5394e9d1f3ddefc17
- SSDEEP
  
  1536:Q8Fao9EFoG9xSbHuBTF+RAspiHrEM3WYltVgRiPWXydWXi/X1:inxSbHuBGlYtVgRm0ydge
Score

3^/10
behavioral16
- Target
  
  ss.exe
- Size
  
  2.8MB
- MD5
  
  3866bd93ab8c237a9bc5c3d1d047c632
- SHA1
  
  7696fde299a1a1711f13d267f31b0c44a5981e97
- SHA256
  
  c05a3af16e2069e02c3c890d4dda948b0877761c9ec8a240a5e3f79e25c9f8a1
- SHA512
  
  6ef9bbe3987883214cd692f3c5abb432f78e11d965dcf1b9e1b6ed912c96df19644fef812fa69bf32be3741b6660982923568213e65dbe878946206db2a1fcc2
- SSDEEP
  
  49152:m9Qw1oLPt3cjle4VGEkKngXtX1xlH569i+PSE+GNeGarAf3sKDlUMLmV0DaTxV:m9Qw1oLPR0leq5gXtFxlH56Y+PdBN0rr
Score

1^/10
behavioral17
- Target
  
  ussm.exe
- Size
  
  3.0MB
- MD5
  
  574cf1a75223dff17950509948130d2c
- SHA1
  
  905dc7a5a65026f9798e357152446521da74f798
- SHA256
  
  b448fc254abe3a3575f9605b703951af20d0dc46c501fcba832ab23d840eeb20
- SHA512
  
  801c707be84b275d180d3df7889405dc0167ce99cb61a79e5fc900cc87bce859e23c0aab624ac2faf07abcccc1e0d345af2b6b06819d7aa183419787d72727ea
- SSDEEP
  
  49152:aTXlrbhgDtDY0tLqOhc6Xg/XiTRlVMn2v2GTQbkxRs91ryyIhjzfISSrYo1Y7mP:Wihc0tLNh1tlVs2v2GTQbkxRs91Eh3ol
Score

1^/10
behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Checks computer location settings

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18