banload | 86f5a08e2ff359cd8c64b8ebd5e0b25a22afdf6d17b74bd0aeffff598e876b96 | Triage

Submit
Reports

Overview

overview

Static

static

3

86f5a08e2f...6N.exe

windows7-x64

86f5a08e2f...6N.exe

windows10-2004-x64

Sharing

General

Target

86f5a08e2ff359cd8c64b8ebd5e0b25a22afdf6d17b74bd0aeffff598e876b96N
Size

3.0MB
Sample

240919-lvc3fsscmb
MD5

241795bf38c027797baf3acc1191d490
SHA1

6bfeda1bca630c32d720d151d8aed891519e1b1b
SHA256

86f5a08e2ff359cd8c64b8ebd5e0b25a22afdf6d17b74bd0aeffff598e876b96
SHA512

a2e462dd6d9e9c3114db5a661405a5ed952705090ebc8d55aeb69e442ff0f3bf776234268e044c20334ebb68e966e806636b56878a0c21abae71df2e9fcdc92c
SSDEEP

49152:vryDFQDfCT3pYSaogHtMyMpy7RYf1TW+dIO8NtAJm2+H24f1zcM6vSsrQO:vryGipaooPWGCfhW+mOmAMRHZ1nssO

Score

10^/10

banload discovery downloader dropper evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

86f5a08e2ff359cd8c64b8ebd5e0b25a22afdf6d17b74bd0aeffff598e876b96N.exe

Resource

win7-20240903-en

banload discovery downloader dropper evasion trojan

windows7-x64

9 signatures

120 seconds

Behavioral task

behavioral2

Sample

86f5a08e2ff359cd8c64b8ebd5e0b25a22afdf6d17b74bd0aeffff598e876b96N.exe

Resource

win10v2004-20240802-en

banload discovery downloader dropper evasion trojan

windows10-2004-x64

9 signatures

120 seconds

Malware Config

Targets

- Target
  
  86f5a08e2ff359cd8c64b8ebd5e0b25a22afdf6d17b74bd0aeffff598e876b96N
- Size
  
  3.0MB
- MD5
  
  241795bf38c027797baf3acc1191d490
- SHA1
  
  6bfeda1bca630c32d720d151d8aed891519e1b1b
- SHA256
  
  86f5a08e2ff359cd8c64b8ebd5e0b25a22afdf6d17b74bd0aeffff598e876b96
- SHA512
  
  a2e462dd6d9e9c3114db5a661405a5ed952705090ebc8d55aeb69e442ff0f3bf776234268e044c20334ebb68e966e806636b56878a0c21abae71df2e9fcdc92c
- SSDEEP
  
  49152:vryDFQDfCT3pYSaogHtMyMpy7RYf1TW+dIO8NtAJm2+H24f1zcM6vSsrQO:vryGipaooPWGCfhW+mOmAMRHZ1nssO
Score

10^/10

banload discovery downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

banloaddiscoverydownloaderdropperevasiontrojan

behavioral2

banloaddiscoverydownloaderdropperevasiontrojan

© 2018-2024

Terms | Privacy