banload | c3b1354b71f7867a7dca4661a4f6c050fb985bddbf51263a23431a8cf3a6d4d4 | Triage

Sharing

General

Target

c3b1354b71f7867a7dca4661a4f6c050fb985bddbf51263a23431a8cf3a6d4d4
Size

3.3MB
Sample

240719-wkcn2swgqa
MD5

56aec0822f42847effcdb62290f9734e
SHA1

d6c096d9460d56cd085657e189da91e7db0258bd
SHA256

c3b1354b71f7867a7dca4661a4f6c050fb985bddbf51263a23431a8cf3a6d4d4
SHA512

5487b80639cde12521409bc6f1212db362733606a80231ec891ca61b8e8898bb5d00fd93ae09b6c6ff075df54539dc4402c6b67d45ce4528a27e90b65b2c27b3
SSDEEP

98304:lNJD9SUBMNKsDteKcz8PtQA37Vj0cSHycJ0Za7AUvW:lND3B1sD+S+AcGZacuW

Score

10^/10

banload downloader dropper evasion trojan

Malware Config

Targets

- Target
  
  c3b1354b71f7867a7dca4661a4f6c050fb985bddbf51263a23431a8cf3a6d4d4
- Size
  
  3.3MB
- MD5
  
  56aec0822f42847effcdb62290f9734e
- SHA1
  
  d6c096d9460d56cd085657e189da91e7db0258bd
- SHA256
  
  c3b1354b71f7867a7dca4661a4f6c050fb985bddbf51263a23431a8cf3a6d4d4
- SHA512
  
  5487b80639cde12521409bc6f1212db362733606a80231ec891ca61b8e8898bb5d00fd93ae09b6c6ff075df54539dc4402c6b67d45ce4528a27e90b65b2c27b3
- SSDEEP
  
  98304:lNJD9SUBMNKsDteKcz8PtQA37Vj0cSHycJ0Za7AUvW:lND3B1sD+S+AcGZacuW
Score

10^/10

banload downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

banloaddownloaderdropperevasiontrojan

behavioral2

banloaddownloaderdropperevasiontrojan