banload | 6c014c435999946756265c8f7ebe8e967ee68d9a79fd458b942a16185e9fb564 | Triage

Submit
Reports

Overview

overview

Static

static

1

6c014c4359...64.exe

windows7-x64

6c014c4359...64.exe

windows10-2004-x64

Sharing

General

Target

6c014c435999946756265c8f7ebe8e967ee68d9a79fd458b942a16185e9fb564
Size

123KB
Sample

241120-3ytm2swmbw
MD5

68fc0a389597e08de8d2668f768283c3
SHA1

ca00a153d98913a1d00ef500b522d9a85de5cb3a
SHA256

6c014c435999946756265c8f7ebe8e967ee68d9a79fd458b942a16185e9fb564
SHA512

8f393fbdab6fdc720156f396d60ef0ecbfaa6485b9c5d375dd1a3bf1f00fb40daa656b39cf2e18641f4692b4d2c1cbd9ccad3b1f52191aac9a83fbaee314d3ca
SSDEEP

1536:ELXB65939tY6HBg4sXJWAchXFW8KfHzb4+LnVRAchXFnIfbmUOcVf2S7naxI:ELk395hYXJWAcm8tWnvAcYfiDoH

Score

10^/10

banload discovery downloader dropper evasion spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6c014c435999946756265c8f7ebe8e967ee68d9a79fd458b942a16185e9fb564.exe

Resource

win7-20241010-en

banload discovery downloader dropper evasion spyware stealer trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

6c014c435999946756265c8f7ebe8e967ee68d9a79fd458b942a16185e9fb564.exe

Resource

win10v2004-20241007-en

banload discovery downloader dropper evasion spyware stealer trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  6c014c435999946756265c8f7ebe8e967ee68d9a79fd458b942a16185e9fb564
- Size
  
  123KB
- MD5
  
  68fc0a389597e08de8d2668f768283c3
- SHA1
  
  ca00a153d98913a1d00ef500b522d9a85de5cb3a
- SHA256
  
  6c014c435999946756265c8f7ebe8e967ee68d9a79fd458b942a16185e9fb564
- SHA512
  
  8f393fbdab6fdc720156f396d60ef0ecbfaa6485b9c5d375dd1a3bf1f00fb40daa656b39cf2e18641f4692b4d2c1cbd9ccad3b1f52191aac9a83fbaee314d3ca
- SSDEEP
  
  1536:ELXB65939tY6HBg4sXJWAchXFW8KfHzb4+LnVRAchXFnIfbmUOcVf2S7naxI:ELk395hYXJWAcm8tWnvAcYfiDoH
Score

10^/10

banload discovery downloader dropper evasion spyware stealer trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Banload family
  banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

banloaddiscoverydownloaderdropperevasionspywarestealertrojan

behavioral2

banloaddiscoverydownloaderdropperevasionspywarestealertrojan

© 2018-2024

Terms | Privacy