banload | 6938783c7097cee4abe419f9344110ab2420bcdc266893c4bf268664ddb61d0f | Triage

Submit
Reports

Overview

overview

Static

static

3

6938783c70...0f.exe

windows7-x64

6938783c70...0f.exe

windows10-2004-x64

Sharing

General

Target

6938783c7097cee4abe419f9344110ab2420bcdc266893c4bf268664ddb61d0f
Size

5.7MB
Sample

240819-agqkvashlc
MD5

e794dedba25b3cb586a03f96e28dded1
SHA1

af7fdb73cb182eb5953f61bb0abd7521eef5c0e7
SHA256

6938783c7097cee4abe419f9344110ab2420bcdc266893c4bf268664ddb61d0f
SHA512

12f4c5b48087b54e62c12996c39ad97795bede4a0a9e5ad7222dfd7206ed7d85c703b55104ef6a62008d787affb38ebf46d76e8fa5ff9ead09dfa06349a90177
SSDEEP

98304:aYEVwE+0UXFKCr8m5xylsuAFV2WYQhM+1+u15ulWt7fbZzNTXaZLY52hJ97Mf:aYEVLCw6x/JV2MhMG+unusfsYA4

Score

10^/10

banload discovery downloader dropper evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6938783c7097cee4abe419f9344110ab2420bcdc266893c4bf268664ddb61d0f.exe

Resource

win7-20240705-en

banload discovery downloader dropper evasion trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

6938783c7097cee4abe419f9344110ab2420bcdc266893c4bf268664ddb61d0f.exe

Resource

win10v2004-20240802-en

banload discovery downloader dropper evasion trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  6938783c7097cee4abe419f9344110ab2420bcdc266893c4bf268664ddb61d0f
- Size
  
  5.7MB
- MD5
  
  e794dedba25b3cb586a03f96e28dded1
- SHA1
  
  af7fdb73cb182eb5953f61bb0abd7521eef5c0e7
- SHA256
  
  6938783c7097cee4abe419f9344110ab2420bcdc266893c4bf268664ddb61d0f
- SHA512
  
  12f4c5b48087b54e62c12996c39ad97795bede4a0a9e5ad7222dfd7206ed7d85c703b55104ef6a62008d787affb38ebf46d76e8fa5ff9ead09dfa06349a90177
- SSDEEP
  
  98304:aYEVwE+0UXFKCr8m5xylsuAFV2WYQhM+1+u15ulWt7fbZzNTXaZLY52hJ97Mf:aYEVLCw6x/JV2MhMG+unusfsYA4
Score

10^/10

banload discovery downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

banloaddiscoverydownloaderdropperevasiontrojan

behavioral2

banloaddiscoverydownloaderdropperevasiontrojan

© 2018-2024

Terms | Privacy