banload

Sharing

General

Target

a018d982de88102f7beebc90211c3c7f.bin
Size

19.7MB
Sample

241006-qlvy5azgld
MD5

11dbe789228fe6d2425050b82c151d41
SHA1

9d79bf2898eb488e2258140d732e236a12b5b1fe
SHA256

3eb1e11e6b8dfe05f3ba9e9cd05b48327dd88a2314a4fad03c30d1282d2974f9
SHA512

35f00a93f544e8ee9db46c59f4072d6ad365c3b6744d4929c734a6f69a9ea37ae1fb08a122c802b61c59bedc91c1c947d1f7a9c75bc99eb0e09561fbe6a0fdf3
SSDEEP

393216:bkMy0uWaKrwSFahMntStCkSxQYmtdt2W2ThQhnmFBh:bkMy0EKsSFNn9kSxQYKaThQK

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

9.2

Botnet

048d5e906358321b51376c6237a65c77

https://redddog.xyz

https://steamcommunity.com/profiles/76561199677575543

https://t.me/snsb82

Attributes

profile_id_v2
048d5e906358321b51376c6237a65c77
user_agent
Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/8.0.500.0 Safari/534.6

Targets

- Target
  
  #!NewFiile_7474_ṔḁṨṨCṏḌḙ$s/Setup.exe
- Size
  
  8.5MB
- MD5
  
  98169506fec94c2b12ba9930ad704515
- SHA1
  
  bce662a9fb94551f648ba2d7e29659957fd6a428
- SHA256
  
  9b8a5b0a45adf843e24214b46c285e44e73bc6eaf9e2a3b2c14a6d93ae541363
- SHA512
  
  7f4f7ac2326a1a8b7afc72822dae328753578eb0a4ffcec5adb4e4fb0c49703070f71e7411df221ee9f44d6b43a0a94921fe530877c5d5e71640b807e96def30
- SSDEEP
  
  196608:vdoUox8PFOegKz+qE1cnuyHgv3eZaOxqeXY4K:vC0O9m7EWEvbOxqetK
Score

10^/10

banload vidar 048d5e906358321b51376c6237a65c77 discovery downloader dropper evasion persistence privilege_escalation stealer trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  #!NewFiile_7474_ṔḁṨṨCṏḌḙ$s/acdbase.dll
- Size
  
  2.9MB
- MD5
  
  dace23695dcfa0f7309b65366ac75bc0
- SHA1
  
  c5b1bad2dec36852fae90f81f0dbd00518479c01
- SHA256
  
  cf8b85beeff99b13d06ed15c79e555ab74e30dfa1491a36c4332f54ed09887e4
- SHA512
  
  0e1e5fc158fb39c3c3c7733226cb846407cd01ca1c49800fb7668134ebef129ab43030f2768a8b149b5ba9a18b2d1b0f8bf23d1a8de487a482e9268e0b679bbb
- SSDEEP
  
  49152:yQzvI/48LzIpH2aTZ70W6pVLOVicH+4T7snimYvtgbgwvWgfFv5COWaUsz7XapvL:yrIpHGpVL7nimatSgSWhOWaUsz7XapvL
Score

1^/10
behavioral3 behavioral4
- Target
  
  #!NewFiile_7474_ṔḁṨṨCṏḌḙ$s/api-ms-win-crt-convert-l1-1-0.dll
- Size
  
  25KB
- MD5
  
  9f812bd3815909e559b15cb13489f294
- SHA1
  
  df751c956f59b4e3c82496d86895adc7cc1a1619
- SHA256
  
  ce6fcc2ddf21720c92bee04f5736a4787acffa970a1b0dbeea39ff5efec52c75
- SHA512
  
  0a360e8b81bf80cb6bdf240d627ddcf71b1a4ca42759de61b2d27fab521a8e6e3afa308cc69caf5a7c8b14d98d3d448f0d400ae1826cbe7d0f0ceafd14682064
- SSDEEP
  
  192:j9cyRWhhWnWGxVA6VWQ4cRWstTmz56CqRqNX01k9z3A8oX9l3zX:2yRWhhWfxdlvC5DNR9zrGnb
Score

1^/10
behavioral5
- Target
  
  #!NewFiile_7474_ṔḁṨṨCṏḌḙ$s/api-ms-win-crt-environment-l1-1-0.dll
- Size
  
  21KB
- MD5
  
  1a72e5f24214eb723e03a22ff53f8a22
- SHA1
  
  578d1dbfb22e9ff3b10c095d6a06acaf15469709
- SHA256
  
  fda46141c236a11054d4d3756a36da4412c82dd7877daad86cb65bf53d81ca1a
- SHA512
  
  530e693daecc7c7080b21e39b856c538bb755516aafdb6839a23768f40bcfc38d71b19586e8c8e37bb1c2b7a7c31fcb8e24a2315a8dd90f50fec22f973d86cb4
- SSDEEP
  
  192:CWhhWzWvkJ0f5AbVWQ4mWluxFlZNKd2kQX01k9z3Ad4M6tyOM:CWhhW3aabtF3NNPR9zw4JtyOM
Score

1^/10
behavioral6
- Target
  
  #!NewFiile_7474_ṔḁṨṨCṏḌḙ$s/api-ms-win-crt-heap-l1-1-0.dll
- Size
  
  21KB
- MD5
  
  9d136bbecf98a931e6371346059b5626
- SHA1
  
  2466e66bfd88dd66c1c693cbb95ea8a91b9558cd
- SHA256
  
  7617838af1b589f57e4fe9fee1e1412101878e6d3287cdc52a51cd03e3983717
- SHA512
  
  8c720c798d2a06f48b106a0a1ef38be9b4a2aebe2a657c8721278afa9fdbab9da2a672f47b7996ca1ce7517015d361d77963c686e0ae637a98c32fd75e5d0610
- SSDEEP
  
  192:9vh8Y17aFBRUWhhW1WGxVA6VWQ4cRWKksNQlO8X01k9z3AenWcK:RLRWhhWhxdl/KlO8R9zh4
Score

1^/10
behavioral7
- Target
  
  #!NewFiile_7474_ṔḁṨṨCṏḌḙ$s/api-ms-win-crt-runtime-l1-1-0.dll
- Size
  
  25KB
- MD5
  
  6b39d005deb6c5ef2c9dd9e013b32252
- SHA1
  
  79a0736454befd88ba8d6bd88794d07712e38a67
- SHA256
  
  b0e50572eb82a46ed499775e95bfde7cb25c498957432c18c20cf930f332efd0
- SHA512
  
  50bc1f669499589a480379d72166dae701914427d51223994d63a0363420ca6fdde07010803270a62451afea9e4ae55206d8a4c00ca4680e7a9120cd33f99a0f
- SSDEEP
  
  192:lmGqX8mPrpJhhf4AN5/Ki9WhhWjmWGxVA6VWQ4cRW1XZ56CqRqNX01k9z3A8oXil:lysyr7LWhhWWxdl0Z5DNR9zrG25
Score

1^/10
behavioral8
- Target
  
  #!NewFiile_7474_ṔḁṨṨCṏḌḙ$s/api-ms-win-crt-stdio-l1-1-0.dll
- Size
  
  25KB
- MD5
  
  97f24295c9bd6e1acae0c391e68a64cf
- SHA1
  
  75700dce304c45ec330a9405523f0f22e5dcbb18
- SHA256
  
  189d551fb3cba3dbb9b9c1797e127a52ac486d996f0ac7cba864fe35984a8d28
- SHA512
  
  cac75f623545c41b2597a25c14f2af7eb93e3e768b345d3b0e1928d8fd1f12bec39b18b8277f9550aa6a66d9cfe1bf6c3db93ae1eb2a6c07019d4f210b3e5998
- SSDEEP
  
  192:6uV2OlkuWYFxEpah/WhhWQWGxVA6VWQ4cRWqfyMbNQlO8X01k9z3Aen2yMJ:DV2oFVh/WhhWoxdlH6GKlO8R9zh2yi
Score

1^/10
behavioral9
- Target
  
  #!NewFiile_7474_ṔḁṨṨCṏḌḙ$s/api-ms-win-crt-string-l1-1-0.dll
- Size
  
  25KB
- MD5
  
  d282a4fa046d05d40d138cc68c518914
- SHA1
  
  d5012090399f405ffe7d2fed09650e3544528322
- SHA256
  
  8b1471101145343da5f2c5981c515da4dfae783622ed71d40693fe59c3088d7a
- SHA512
  
  718926e728627f67ba60a391339b784accd861a15596f90d7f4e6292709ac3d170bcbca3cbf6267635136cb00b4f93da7dfd219fa0beee0cf8d95ce7090409e4
- SSDEEP
  
  768:mCV5yguNvZ5VQgx3SbwA71IkFlRzoOQ9zrg:h5yguNvZ5VQgx3SbwA71IuRzez
Score

1^/10
behavioral10
- Target
  
  #!NewFiile_7474_ṔḁṨṨCṏḌḙ$s/api-ms-win-crt-time-l1-1-0.dll
- Size
  
  21KB
- MD5
  
  6d35a57a6d8d569f870b96e00e7f1f4d
- SHA1
  
  8407bdb3cd5ec15b2ce738b3dbd704aa289ce3e1
- SHA256
  
  f41511e477a164eb9451ca51fb3810437f3b15f21e6f5c6ce0956e84ec823723
- SHA512
  
  4317b86d32ca93e5f0d832819cf1ab8af68e853a19eb07dd1fa4d168a0b2a8eab309194884ed3a613b09fc6d511be872a053f76f00ea443499006cdd226fea8f
- SSDEEP
  
  192:mm3hwD2WhhWq4WGxVA6VWQ4cRWY9y56CqRqNX01k9z3A8oXTlxWBR:HWhhWVxdlG5DNR9zrG/0R
Score

1^/10
behavioral11
- Target
  
  #!NewFiile_7474_ṔḁṨṨCṏḌḙ$s/api-ms-win-crt-utility-l1-1-0.dll
- Size
  
  21KB
- MD5
  
  8ed70910380aa0b28317512d72762cc0
- SHA1
  
  0421518370f24f9559f96459d0798d98b81ea732
- SHA256
  
  f15af0db93d9385ff9d8efdc06aacd0729d0dfcb66e91ca0243bb160f2ed89d0
- SHA512
  
  b31ef07eaac310fdd3df3546246e7dc696595b8e92141e3db79a44ddc3358b12129e3829a53c76d0fef214e3f29dba77fa5d556211830a140ea34ff62258d9d7
- SSDEEP
  
  192:Z/fHQduzWhhWqzWvkJ0f5AbVWQ42WIknbx6IVnKaQwP7yX01k9z3AcK:Z/fFWhhWq3aabObx6zaHeR9zTK
Score

1^/10
behavioral12
- Target
  
  #!NewFiile_7474_ṔḁṨṨCṏḌḙ$s/libmmd.dll
- Size
  
  4.0MB
- MD5
  
  b450502e725a31d8057b4eab0715725f
- SHA1
  
  d9c08c3d68b383eb783815ebac78b37003eab01c
- SHA256
  
  e7500acfa41668f641e1272d17ff33a2924b5c6a3cf61686b50789d5ace51c33
- SHA512
  
  4fed4bb2e5d29e0fd11907e6e01abaaf13860972bf90d798374e8e7900f143badd41869b93aa06cf15efddeb275bdf624e0b7f88816ff2dfd1f380aa0c19c1f5
- SSDEEP
  
  98304:eJLi7X0J2iGkPyxtsSk8joEGIbQOpv3VzGrsJQQb:kyqCtsz8UEtb5yrs2C
Score

1^/10
behavioral13 behavioral14
- Target
  
  #!NewFiile_7474_ṔḁṨṨCṏḌḙ$s/stich.pptx
- Size
  
  82KB
- MD5
  
  4405a43c55d7cb0d2836c0e2ef415932
- SHA1
  
  ec94c3a4b475b8b7edc2526bf24a02a366587392
- SHA256
  
  5c3ce1831ebf67eec26a6a0136562f7ed8e16a96ed34aca5d3412fb36239a163
- SHA512
  
  f83cb3c805916ebbec2b2bd93352c47dbf968859b89a90807e3f839a547dc47b9ba63731e0a4dc819557d16d47bdebb42807a836a9c5feba4812790ef7ea148c
- SSDEEP
  
  1536:yodKKCJYnYYCyS2eMpqN44zN4xlQLPzLN8/xh/cRBt:yok5KUXbfz1DzSxh/On
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  #!NewFiile_7474_ṔḁṨṨCṏḌḙ$s/updater.ini
- Size
  
  25KB
- MD5
  
  91e2d2af70ed5e2abdfa2df50fbfaf35
- SHA1
  
  5d444597a4f6a46ea709b970ac8b117015685706
- SHA256
  
  b2c04a568ac068f8bb2214307e5616468e2a53dbfca9f57e2ab90d140bc29e1a
- SHA512
  
  0fdc99d1adb18b39a101b4fb0b214b34534bcc616c142a985be1915825ed70426d2bfbbad3b0e227d4369f3de4ea2cace6f7e99f6e7b083cea3f91dd9d03f61d
- SSDEEP
  
  384:5OzjkFGyyCMy8tS0HN05IPdSbdij7AhVc8l1ZxAzUtJBz07cJbU59FkGNGb5hiXQ:AC38tSY6ouwh8UUtJBz07/8riXiRn
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  #!NewFiile_7474_ṔḁṨṨCṏḌḙ$s/vcruntime140.dll
- Size
  
  116KB
- MD5
  
  699dd61122d91e80abdfcc396ce0ec10
- SHA1
  
  7b23a6562e78e1d4be2a16fc7044bdcea724855e
- SHA256
  
  f843cd00d9aff9a902dd7c98d6137639a10bd84904d81a085c28a3b29f8223c1
- SHA512
  
  2517e52f7f03580afd8f928c767d264033a191e831a78eed454ea35c9514c0f0df127f49a306088d766908af7880f713f5009c31ce6b0b1e4d0b67e49447bfff
- SSDEEP
  
  1536:KqvQFDdwFBHKaPX8YKpWgeQqbekRG7MP4ddbsecbWcmpCGa3QFzFtjXzp:KqvQFDUXqWn7CkRG7YecbWb9a3kDX9
Score

1^/10
behavioral19 behavioral20
- Target
  
  #!NewFiile_7474_ṔḁṨṨCṏḌḙ$s/x64/AzureKeyVaultDgssLib.dll
- Size
  
  373KB
- MD5
  
  34ae0787cdfcb920753763251dcf83de
- SHA1
  
  a41d5d58d21300e8418dbd354f46bba425fa9611
- SHA256
  
  3eee708fdcc68fe76ac4cc7adba90201912c63cd815717f91a5eabba1170af0d
- SHA512
  
  c8684bf3441fa5fb6a0e38df6bb9f728502e78f55eb9382ff168adab081440c37277497804fb1246a13e1f625aaa1858e39f62780c5c426edf3d825f9a739bc7
- SSDEEP
  
  6144:UbJLUIAs2A/QRth5FMjvgQKMBTaJq+jqBTSMNGx6:UbJciQRth5FMjvg9MEJMFpGI
Score

1^/10
behavioral21 behavioral22
- Target
  
  #!NewFiile_7474_ṔḁṨṨCṏḌḙ$s/x64/BugReporter
- Size
  
  521KB
- MD5
  
  29d33ee7f3fa0ee7f52ae96732c90f48
- SHA1
  
  a781620a7bcff615d4dc64751b30287814200d13
- SHA256
  
  b8b06487ee2c2f2a4ae25d1e7a08a9ce831539a529fe2ed0e8841e5f7c42de90
- SHA512
  
  7b0076d73dc6ed561b8294ed7687f5d0d285b080b2f12bc49623690e32ccd6a2161232860f906aa151f04950587befae49793130f5f6e2ff13453a401862d856
- SSDEEP
  
  12288:pFU4ZwXnyWu9wHXspsSlxuw2xyJGS3mrxWI7n3OqiHThrmotbY7rSrZWZlJmwJIH:pyellxAxyJGS3mrxWI7n3OqiHThrmotD
Score

1^/10
behavioral23 behavioral24
- Target
  
  #!NewFiile_7474_ṔḁṨṨCṏḌḙ$s/x64/ComExtractor
- Size
  
  618KB
- MD5
  
  36848dd965ff265d696fff4f2d51935e
- SHA1
  
  68c6390741c490adf2802c84e06a3b90a3c308ea
- SHA256
  
  d66ee1d1e44feb03d7821062ce27e92da0fa78f7e47a451b7b1d4b94860dd309
- SHA512
  
  6c3e9cdce928a78b9ea997954043ff82b2767a29b519116884e616b8aaa48668ccd051ed4607830bd7b59e32671e563939d180e576ae91752f854081b84b35af
- SSDEEP
  
  12288:pRP0qhnnyfYZtOUdSK+jgsVGmzyg4J5EA:fP0DgsVzyJ5EA
Score

1^/10
behavioral25 behavioral26
- Target
  
  #!NewFiile_7474_ṔḁṨṨCṏḌḙ$s/x64/Microsoft.Toolkit.Win32.UI.XamlHost.dll
- Size
  
  108KB
- MD5
  
  1f4379d416af34033857bb439057cee0
- SHA1
  
  a779714e9fe715aad9db2218a4b761ab77e873b9
- SHA256
  
  98a87914e37600c7f97a27ca603a6b994dd51ffd390ce5b34e073939d258c2f4
- SHA512
  
  cdaa3d8727e287eeaddfd58e04f292bd8daf7671a2942f99a023f31037cc8b76dce5c0566d6c0664b24403930bdd9396b27af208c313a28010e7eb9f850ba881
- SSDEEP
  
  1536:WPiq7mAYLZ/kEglj55rEzGJT45rhh9esSTrXjnwVijXXyNGF1ZvLzmFiXxnBjYh2:6sxkEDGJk5rYk9Y
Score

1^/10
behavioral27 behavioral28
- Target
  
  #!NewFiile_7474_ṔḁṨṨCṏḌḙ$s/x64/WinUiBootstrapper.dll
- Size
  
  896KB
- MD5
  
  290538fceae682f2cfc3580e01fa7d28
- SHA1
  
  12df9dc416d48f90a5ee5648abd1479dcc5dc327
- SHA256
  
  c0cfd5ecd4fa7c78eee91c4a2e7963e805513a88ad376772108b9b0c54bb8551
- SHA512
  
  089986cfe48fbdc889322796d5b5721b0c5065cfde72516e3fb35024bbe5c3ed098c6b7dc0c459af732f96bc2f67c95435f6d9cbcd8941ac18b83ee54b27321b
- SSDEEP
  
  24576:MpiGSL76HSy+SqfyJFE0yD3VDPItrsRmPrAF6dGUO9T:Mpj2GHSy+SqfyJFE0yD3VDPIhsAPrA4Q
Score

1^/10
behavioral29 behavioral30
- Target
  
  #!NewFiile_7474_ṔḁṨṨCṏḌḙ$s/x64/api-ms-win-core-console-l1-1-0.dll
- Size
  
  21KB
- MD5
  
  0909e61c8c9c717976828f65c987e5f9
- SHA1
  
  b5affabb8afda55ebb1f404edab69c6c239affe6
- SHA256
  
  03ffdb036329a25beacf905d62611a13e3dfdda6cbd2d13af830258e8cf40ec0
- SHA512
  
  7f78746e40da64631c08d0e173fbdeb40beed180932b42382d9f3ac0cdb4348d2a5b1c29770bb98f5d4823cfd66ecac2285afbcaf109f82c8b75c7711f10c49d
- SSDEEP
  
  192:+OAWAhWeW4pICSjRof0cVWQ4GW/gYbOEU+9YX01k9z3AWB2c:+jWAhW82xlcdUOQGR9zBB2c
Score

1^/10
behavioral31
- Target
  
  #!NewFiile_7474_ṔḁṨṨCṏḌḙ$s/x64/api-ms-win-core-console-l1-2-0.dll
- Size
  
  21KB
- MD5
  
  6b33e6f1d77cec0901ea8e91473bc18b
- SHA1
  
  a397d2c6aead0b3e57d413a8d4af7f28e67f4166
- SHA256
  
  449631a3f5fadef72acc2c2f84765208d0ca014ec1fe93fb9ad805eec1d40eae
- SHA512
  
  8f5214e38202719f6a7549b2b97ad24288974cfb6cf0da1e9eec5b3b2092220f2330a260b17e28afa90b90226666a765a4e64fe91107e2063cde8e285f64773b
- SSDEEP
  
  192:p9qWAhWGW4pICSjRof0cVWQ4iWnYU7h+Il+jX01k9z3Az3TzRL:mWAhWk2xlcQtEjR9z83/RL
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Netsh Helper DLL

T1546.007

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Vidar Stealer

Vidar

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Event Triggered Execution: Component Object Model Hijacking

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32