banload | 9581deeb070f51498358ac575bd6ec57843dc31bc0d4b4be222866cd4a08ddef | Triage

Submit
Reports

Overview

overview

Static

static

1

2024-08-22...er.exe

windows7-x64

2024-08-22...er.exe

windows10-2004-x64

Sharing

General

Target

2024-08-22_695cf0e0e64b17b5ffea0ca22b96cae6_floxif_magniber
Size

13.0MB
Sample

240822-axm5nasgnr
MD5

695cf0e0e64b17b5ffea0ca22b96cae6
SHA1

d2bf378c63c629b578e812ecb5540f65074c29ca
SHA256

9581deeb070f51498358ac575bd6ec57843dc31bc0d4b4be222866cd4a08ddef
SHA512

745a271fc2ed962a32efee53545d5ad5f4cae19b1c653f1d651e8fb61cdab7de8663b1b9bdbe6333b8e780400a84c7fc60f1d5e442531e677adefb3a2655e013
SSDEEP

196608:zB9nXin0GMbtHPQ6YHhATlZKvofOnn2ypPKibY3Qp66viN9ZQmV:zB9na0vbtHLEhATlZKwUn2kKZBl

Score

10^/10

banload floxif backdoor discovery downloader dropper evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

2024-08-22_695cf0e0e64b17b5ffea0ca22b96cae6_floxif_magniber.exe

Resource

win7-20240705-en

banload floxif backdoor discovery downloader dropper evasion trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-08-22_695cf0e0e64b17b5ffea0ca22b96cae6_floxif_magniber.exe

Resource

win10v2004-20240802-en

banload floxif backdoor discovery downloader dropper evasion trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-08-22_695cf0e0e64b17b5ffea0ca22b96cae6_floxif_magniber
- Size
  
  13.0MB
- MD5
  
  695cf0e0e64b17b5ffea0ca22b96cae6
- SHA1
  
  d2bf378c63c629b578e812ecb5540f65074c29ca
- SHA256
  
  9581deeb070f51498358ac575bd6ec57843dc31bc0d4b4be222866cd4a08ddef
- SHA512
  
  745a271fc2ed962a32efee53545d5ad5f4cae19b1c653f1d651e8fb61cdab7de8663b1b9bdbe6333b8e780400a84c7fc60f1d5e442531e677adefb3a2655e013
- SSDEEP
  
  196608:zB9nXin0GMbtHPQ6YHhATlZKvofOnn2ypPKibY3Qp66viN9ZQmV:zB9na0vbtHLEhATlZKwUn2kKZBl
Score

10^/10

banload floxif backdoor discovery downloader dropper evasion trojan upx
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Detects Floxif payload
  backdoor
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

banloadfloxifbackdoordiscoverydownloaderdropperevasiontrojanupx

behavioral2

banloadfloxifbackdoordiscoverydownloaderdropperevasiontrojanupx

© 2018-2024

Terms | Privacy