banload | 64a91cc3b0732399297e7afde52698d2e093d853dacace4503bd07f606c967ce | Triage

Sharing

General

Target

64a91cc3b0732399297e7afde52698d2e093d853dacace4503bd07f606c967ce.exe
Size

3.9MB
Sample

241127-rtyknatmam
MD5

d7fd4d232e6944306d7756dbb57d9f82
SHA1

4216e260ee2c9b683a6b886dd66b0f1b37ce2869
SHA256

64a91cc3b0732399297e7afde52698d2e093d853dacace4503bd07f606c967ce
SHA512

97d00d3441ca2507a284f1886f5ea7f0b9a3d6b6863fe56ba6784e628d571ff2e681f1fc00bc52bb4e9005be2efc1d2ffcd7ba3a19e8f747023b14dd98ae785b
SSDEEP

49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvV8u/kUHHklZ77Szh9ownI:RF8QUitE4iLqaPWGnEvS9Ejzh9oEI

Score

10^/10

banload discovery downloader dropper evasion ransomware trojan

Malware Config

Targets

- Target
  
  64a91cc3b0732399297e7afde52698d2e093d853dacace4503bd07f606c967ce.exe
- Size
  
  3.9MB
- MD5
  
  d7fd4d232e6944306d7756dbb57d9f82
- SHA1
  
  4216e260ee2c9b683a6b886dd66b0f1b37ce2869
- SHA256
  
  64a91cc3b0732399297e7afde52698d2e093d853dacace4503bd07f606c967ce
- SHA512
  
  97d00d3441ca2507a284f1886f5ea7f0b9a3d6b6863fe56ba6784e628d571ff2e681f1fc00bc52bb4e9005be2efc1d2ffcd7ba3a19e8f747023b14dd98ae785b
- SSDEEP
  
  49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvV8u/kUHHklZ77Szh9ownI:RF8QUitE4iLqaPWGnEvS9Ejzh9oEI
Score

10^/10

banload discovery downloader dropper evasion ransomware trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Banload family
  banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Renames multiple (196) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

banloaddiscoverydownloaderdropperevasionransomwaretrojan

behavioral2

banloaddiscoverydownloaderdropperevasionransomwaretrojan