banload | 01a888677b3451748982fca9cfc80d45b5f9ea851312aac42bb68f517ad32c94 | Triage

Sharing

General

Target

01a888677b3451748982fca9cfc80d45b5f9ea851312aac42bb68f517ad32c94N
Size

5.6MB
Sample

241002-2tsdra1gkp
MD5

6b6eda5ab864b833886cd9513feada10
SHA1

9a95ea5a99db5147214687d0b20fe61a8cd898a7
SHA256

01a888677b3451748982fca9cfc80d45b5f9ea851312aac42bb68f517ad32c94
SHA512

8923b24c9e7f21fdb2f374a1dd0c03ce57c986e88a1b57a71e86be69526495e6096c37509658918312ac7474f6815e36caddfae3686caaaac7bd13f2cdf71d51
SSDEEP

98304:5mqJyrRC7XrIPWGnRFaR59cIZ/cSvojydv6:5m31CbUPBnGVZ/nJdS

Score

10^/10

banload discovery downloader dropper evasion persistence trojan

Malware Config

Targets

- Target
  
  01a888677b3451748982fca9cfc80d45b5f9ea851312aac42bb68f517ad32c94N
- Size
  
  5.6MB
- MD5
  
  6b6eda5ab864b833886cd9513feada10
- SHA1
  
  9a95ea5a99db5147214687d0b20fe61a8cd898a7
- SHA256
  
  01a888677b3451748982fca9cfc80d45b5f9ea851312aac42bb68f517ad32c94
- SHA512
  
  8923b24c9e7f21fdb2f374a1dd0c03ce57c986e88a1b57a71e86be69526495e6096c37509658918312ac7474f6815e36caddfae3686caaaac7bd13f2cdf71d51
- SSDEEP
  
  98304:5mqJyrRC7XrIPWGnRFaR59cIZ/cSvojydv6:5m31CbUPBnGVZ/nJdS
Score

10^/10

banload discovery downloader dropper evasion persistence trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

banloaddiscoverydownloaderdropperevasionpersistencetrojan

behavioral2

banloaddiscoverydownloaderdropperevasionpersistencetrojan