General

  • Target

    01a888677b3451748982fca9cfc80d45b5f9ea851312aac42bb68f517ad32c94N

  • Size

    5.6MB

  • Sample

    241002-vatzxawhpm

  • MD5

    6b6eda5ab864b833886cd9513feada10

  • SHA1

    9a95ea5a99db5147214687d0b20fe61a8cd898a7

  • SHA256

    01a888677b3451748982fca9cfc80d45b5f9ea851312aac42bb68f517ad32c94

  • SHA512

    8923b24c9e7f21fdb2f374a1dd0c03ce57c986e88a1b57a71e86be69526495e6096c37509658918312ac7474f6815e36caddfae3686caaaac7bd13f2cdf71d51

  • SSDEEP

    98304:5mqJyrRC7XrIPWGnRFaR59cIZ/cSvojydv6:5m31CbUPBnGVZ/nJdS

Malware Config

Targets

    • Target

      01a888677b3451748982fca9cfc80d45b5f9ea851312aac42bb68f517ad32c94N

    • Size

      5.6MB

    • MD5

      6b6eda5ab864b833886cd9513feada10

    • SHA1

      9a95ea5a99db5147214687d0b20fe61a8cd898a7

    • SHA256

      01a888677b3451748982fca9cfc80d45b5f9ea851312aac42bb68f517ad32c94

    • SHA512

      8923b24c9e7f21fdb2f374a1dd0c03ce57c986e88a1b57a71e86be69526495e6096c37509658918312ac7474f6815e36caddfae3686caaaac7bd13f2cdf71d51

    • SSDEEP

      98304:5mqJyrRC7XrIPWGnRFaR59cIZ/cSvojydv6:5m31CbUPBnGVZ/nJdS

    • Banload

      Banload variants download malicious files, then install and execute the files.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks