banload

Sharing

Copy URL

Twitter E-mail

General

Target

e156f0d787a2a3f6f90a144aee897febf467cf12cb41d912c7246c64cdaba8f1
Size

12.5MB
Sample

240825-yqcbkstdkp
MD5

0dc3a4f10b69c77dc463c73d2b81ab3f
SHA1

eeae731a7e822d6f8735865941c12d225d1078ad
SHA256

e156f0d787a2a3f6f90a144aee897febf467cf12cb41d912c7246c64cdaba8f1
SHA512

df2604947c2370e19f30674ba55a7a5df180199a5e4da2e7096f207897fe16731702ee9301474f2f0417b3f7958f3d5024efc6401e644486ff4d1d94ede2bda5
SSDEEP

196608:238sXXwhvzEhthvl3IXZv85FOKooLo6SxeB8yx2l5qvU6fcV12vKasjU39GpJBsS:M8/tojhC0OlUHSUKlL6fcV0ya/39Gr3B

Score

10^/10

Malware Config

Extracted

Family

lumma

https://calcuatllitwop.shop/api

https://locatedblsoqp.shop/api

https://traineiwnqo.shop/api

https://millyscroqwp.shop/api

https://stagedchheiqwo.shop/api

https://stamppreewntnq.shop/api

https://caffegclasiqwp.shop/api

https://tenntysjuxmz.shop/api

https://condedqpwqm.shop/api

Targets

- Target
  
  Setup.exe
- Size
  
  8.5MB
- MD5
  
  98169506fec94c2b12ba9930ad704515
- SHA1
  
  bce662a9fb94551f648ba2d7e29659957fd6a428
- SHA256
  
  9b8a5b0a45adf843e24214b46c285e44e73bc6eaf9e2a3b2c14a6d93ae541363
- SHA512
  
  7f4f7ac2326a1a8b7afc72822dae328753578eb0a4ffcec5adb4e4fb0c49703070f71e7411df221ee9f44d6b43a0a94921fe530877c5d5e71640b807e96def30
- SSDEEP
  
  196608:vdoUox8PFOegKz+qE1cnuyHgv3eZaOxqeXY4K:vC0O9m7EWEvbOxqetK
Score

10^/10

banload lumma discovery downloader dropper evasion persistence privilege_escalation stealer trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  acdbase.dll
- Size
  
  2.9MB
- MD5
  
  6a52a380622f4fae9a76d41b85bdd01c
- SHA1
  
  8aac23a2658f6443b8ee55edbf218339d01aedf0
- SHA256
  
  c614f03143dee117d65a219f4459d15229f0ef005f7d577ce79e3ce3a32df2d3
- SHA512
  
  acdc61d770ebc25a9d9ddcc7afb2ef672ac857f03e7f90676d8356778ab37ce84534d7e03ec7a4ad7a128bd5a271fb9b5ee5b099ce1e75e121ee082fcd9beb41
- SSDEEP
  
  49152:LzvI/48LzIpH2aTZ70W6pVLOVicH+4T7snimYvtgbgwvWgfFv5COWaUsz7Xapv3n:uIpHGpVL7nimatSgSWhOWaUsz7Xapv3n
Score

1^/10
behavioral3 behavioral4
- Target
  
  api-ms-win-crt-convert-l1-1-0.dll
- Size
  
  25KB
- MD5
  
  9f812bd3815909e559b15cb13489f294
- SHA1
  
  df751c956f59b4e3c82496d86895adc7cc1a1619
- SHA256
  
  ce6fcc2ddf21720c92bee04f5736a4787acffa970a1b0dbeea39ff5efec52c75
- SHA512
  
  0a360e8b81bf80cb6bdf240d627ddcf71b1a4ca42759de61b2d27fab521a8e6e3afa308cc69caf5a7c8b14d98d3d448f0d400ae1826cbe7d0f0ceafd14682064
- SSDEEP
  
  192:j9cyRWhhWnWGxVA6VWQ4cRWstTmz56CqRqNX01k9z3A8oX9l3zX:2yRWhhWfxdlvC5DNR9zrGnb
Score

1^/10
behavioral5
- Target
  
  api-ms-win-crt-environment-l1-1-0.dll
- Size
  
  21KB
- MD5
  
  1a72e5f24214eb723e03a22ff53f8a22
- SHA1
  
  578d1dbfb22e9ff3b10c095d6a06acaf15469709
- SHA256
  
  fda46141c236a11054d4d3756a36da4412c82dd7877daad86cb65bf53d81ca1a
- SHA512
  
  530e693daecc7c7080b21e39b856c538bb755516aafdb6839a23768f40bcfc38d71b19586e8c8e37bb1c2b7a7c31fcb8e24a2315a8dd90f50fec22f973d86cb4
- SSDEEP
  
  192:CWhhWzWvkJ0f5AbVWQ4mWluxFlZNKd2kQX01k9z3Ad4M6tyOM:CWhhW3aabtF3NNPR9zw4JtyOM
Score

1^/10
behavioral6
- Target
  
  api-ms-win-crt-heap-l1-1-0.dll
- Size
  
  21KB
- MD5
  
  9d136bbecf98a931e6371346059b5626
- SHA1
  
  2466e66bfd88dd66c1c693cbb95ea8a91b9558cd
- SHA256
  
  7617838af1b589f57e4fe9fee1e1412101878e6d3287cdc52a51cd03e3983717
- SHA512
  
  8c720c798d2a06f48b106a0a1ef38be9b4a2aebe2a657c8721278afa9fdbab9da2a672f47b7996ca1ce7517015d361d77963c686e0ae637a98c32fd75e5d0610
- SSDEEP
  
  192:9vh8Y17aFBRUWhhW1WGxVA6VWQ4cRWKksNQlO8X01k9z3AenWcK:RLRWhhWhxdl/KlO8R9zh4
Score

1^/10
behavioral7
- Target
  
  api-ms-win-crt-runtime-l1-1-0.dll
- Size
  
  25KB
- MD5
  
  6b39d005deb6c5ef2c9dd9e013b32252
- SHA1
  
  79a0736454befd88ba8d6bd88794d07712e38a67
- SHA256
  
  b0e50572eb82a46ed499775e95bfde7cb25c498957432c18c20cf930f332efd0
- SHA512
  
  50bc1f669499589a480379d72166dae701914427d51223994d63a0363420ca6fdde07010803270a62451afea9e4ae55206d8a4c00ca4680e7a9120cd33f99a0f
- SSDEEP
  
  192:lmGqX8mPrpJhhf4AN5/Ki9WhhWjmWGxVA6VWQ4cRW1XZ56CqRqNX01k9z3A8oXil:lysyr7LWhhWWxdl0Z5DNR9zrG25
Score

1^/10
behavioral8
- Target
  
  api-ms-win-crt-stdio-l1-1-0.dll
- Size
  
  25KB
- MD5
  
  97f24295c9bd6e1acae0c391e68a64cf
- SHA1
  
  75700dce304c45ec330a9405523f0f22e5dcbb18
- SHA256
  
  189d551fb3cba3dbb9b9c1797e127a52ac486d996f0ac7cba864fe35984a8d28
- SHA512
  
  cac75f623545c41b2597a25c14f2af7eb93e3e768b345d3b0e1928d8fd1f12bec39b18b8277f9550aa6a66d9cfe1bf6c3db93ae1eb2a6c07019d4f210b3e5998
- SSDEEP
  
  192:6uV2OlkuWYFxEpah/WhhWQWGxVA6VWQ4cRWqfyMbNQlO8X01k9z3Aen2yMJ:DV2oFVh/WhhWoxdlH6GKlO8R9zh2yi
Score

1^/10
behavioral9
- Target
  
  api-ms-win-crt-string-l1-1-0.dll
- Size
  
  25KB
- MD5
  
  d282a4fa046d05d40d138cc68c518914
- SHA1
  
  d5012090399f405ffe7d2fed09650e3544528322
- SHA256
  
  8b1471101145343da5f2c5981c515da4dfae783622ed71d40693fe59c3088d7a
- SHA512
  
  718926e728627f67ba60a391339b784accd861a15596f90d7f4e6292709ac3d170bcbca3cbf6267635136cb00b4f93da7dfd219fa0beee0cf8d95ce7090409e4
- SSDEEP
  
  768:mCV5yguNvZ5VQgx3SbwA71IkFlRzoOQ9zrg:h5yguNvZ5VQgx3SbwA71IuRzez
Score

1^/10
behavioral10
- Target
  
  api-ms-win-crt-time-l1-1-0.dll
- Size
  
  21KB
- MD5
  
  6d35a57a6d8d569f870b96e00e7f1f4d
- SHA1
  
  8407bdb3cd5ec15b2ce738b3dbd704aa289ce3e1
- SHA256
  
  f41511e477a164eb9451ca51fb3810437f3b15f21e6f5c6ce0956e84ec823723
- SHA512
  
  4317b86d32ca93e5f0d832819cf1ab8af68e853a19eb07dd1fa4d168a0b2a8eab309194884ed3a613b09fc6d511be872a053f76f00ea443499006cdd226fea8f
- SSDEEP
  
  192:mm3hwD2WhhWq4WGxVA6VWQ4cRWY9y56CqRqNX01k9z3A8oXTlxWBR:HWhhWVxdlG5DNR9zrG/0R
Score

1^/10
behavioral11
- Target
  
  api-ms-win-crt-utility-l1-1-0.dll
- Size
  
  21KB
- MD5
  
  8ed70910380aa0b28317512d72762cc0
- SHA1
  
  0421518370f24f9559f96459d0798d98b81ea732
- SHA256
  
  f15af0db93d9385ff9d8efdc06aacd0729d0dfcb66e91ca0243bb160f2ed89d0
- SHA512
  
  b31ef07eaac310fdd3df3546246e7dc696595b8e92141e3db79a44ddc3358b12129e3829a53c76d0fef214e3f29dba77fa5d556211830a140ea34ff62258d9d7
- SSDEEP
  
  192:Z/fHQduzWhhWqzWvkJ0f5AbVWQ42WIknbx6IVnKaQwP7yX01k9z3AcK:Z/fFWhhWq3aabObx6zaHeR9zTK
Score

1^/10
behavioral12
- Target
  
  config.prx
- Size
  
  364KB
- MD5
  
  14934caca84d5fe0288f27efb31dcbf8
- SHA1
  
  98c8c659488a5782679112e0ffb089422a664ac5
- SHA256
  
  7fa86147035627bae39576bcbe619d045e94a48c4db8ca131968c20bb4de4a36
- SHA512
  
  9a239132a46fe578fa04ff727d8c28f9e1d179e7154619670a22a403819f337af0a96ebd7081d04d53910a12bbdc548b3cd2b2a285931c92f1c149ad5d846a6a
- SSDEEP
  
  3072:rbT9vTZFNSlIbVf7o3Cyi7igb/Js0S6uZZspiDbZHNjWOnNxFiKey1ISQlXflY:fRvNvvbhOq7F3S/qpiDlNCONvmXdY
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  libmmd.dll
- Size
  
  4.0MB
- MD5
  
  42943c6acaf8d5ca953911b2bb99fc14
- SHA1
  
  ea719eafd2857b43b20228827f5596f1137ac3d5
- SHA256
  
  427ef018d494bf6cb8531ab3bbcb501ed4c8c7c6479097b33ab4d15750eccc4c
- SHA512
  
  85e71abc6db8a2e4eaad70d35ca613a918046715c8447b4c975021791f160aa3d1c4cb19969f81dd7b9f98f13dec41619c44e3c5948ae593af9c3d0cfec346fc
- SSDEEP
  
  98304:FJLi7X0J2iGkPyxtHzk8joEGIbQOpv3VzGSsJQQq:nyqCtH48UEtb5ySs2L
Score

1^/10
behavioral15 behavioral16
- Target
  
  vcruntime140.dll
- Size
  
  116KB
- MD5
  
  699dd61122d91e80abdfcc396ce0ec10
- SHA1
  
  7b23a6562e78e1d4be2a16fc7044bdcea724855e
- SHA256
  
  f843cd00d9aff9a902dd7c98d6137639a10bd84904d81a085c28a3b29f8223c1
- SHA512
  
  2517e52f7f03580afd8f928c767d264033a191e831a78eed454ea35c9514c0f0df127f49a306088d766908af7880f713f5009c31ce6b0b1e4d0b67e49447bfff
- SSDEEP
  
  1536:KqvQFDdwFBHKaPX8YKpWgeQqbekRG7MP4ddbsecbWcmpCGa3QFzFtjXzp:KqvQFDUXqWn7CkRG7YecbWb9a3kDX9
Score

1^/10
behavioral17 behavioral18
- Target
  
  x64/trading_api64.dll
- Size
  
  282KB
- MD5
  
  2bca4e2c047ec969cb3cff277e7fc184
- SHA1
  
  c4b5b00b605e59c6fdcb6731f2e53069506e287a
- SHA256
  
  f1eb582e607a1e43cdb1654bfb7cb29ad46f6728b3fb89a14f7727e0e8daab69
- SHA512
  
  3819178ec650298157b1d67317e0895cb92709b106d0d8525921e341eba5e960f42434e010066bb405f1ba1619adff1a645ede58e16c4b2d88df2c90611a6cb5
- SSDEEP
  
  6144:Aa0EKzmilQBrUssevOkHcAxilMrCynC0bcLd1x:B0EZbr3se1SynC9x
Score

1^/10
behavioral19 behavioral20
- Target
  
  x64/tradingnetworkingsockets.dll
- Size
  
  4.1MB
- MD5
  
  3cf26ce759c5e261fe3ecc6451b8b08e
- SHA1
  
  b5da110034fe394a4020367404534903764473fe
- SHA256
  
  fc4a65ff603bf1f4bfe323de1866145ae1e006aa656799fd134dfa63d92d47c1
- SHA512
  
  e7b543483f38bb6338490b5c8f5da6f95e0d78b45f2b26d898cc3b58cf7c359952bfe413414cb6cd1532c3c6fd7a860026b2bec7b6d0ddfbee9a1385a62e14f2
- SSDEEP
  
  49152:kGtlqhcIU6ilVwASObX9F+LWDumqrJjAZVT4kmrqEUAYVxkG3q+XRQsmqkALD4z4:M+dl7+8z1mqkA8lv0bH1bBGZZs
Score

1^/10
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Event Triggered Execution: Component Object Model Hijacking

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22