General

  • Target

    2818cfc99080bef29e9ec542c819c5bedd5e29493a1bd6a681d9d411f2d9c9da.exe

  • Size

    112KB

  • Sample

    241128-kk9s1axqhp

  • MD5

    0c84e0d44bcd5fcbf1a401cbb17192e8

  • SHA1

    41fa473131dbd2f80d2f9546a94b4b1bb420eff1

  • SHA256

    2818cfc99080bef29e9ec542c819c5bedd5e29493a1bd6a681d9d411f2d9c9da

  • SHA512

    669c2508d5fab91b1ffa12bbd29fc5326f5d72ba0b16fa5c598cd6d068c18191de44b8249eaccc9771a774c218853f10f04fa98fad1d48c83b1236d4f10363e6

  • SSDEEP

    1536:kLXB65939tY6HBg4sXJ9hAchXFc6cIbwWLnV0AchXFsOcVf22U1v:kLk395hYXJ9hAcMDenCAcroUl

Malware Config

Targets

    • Banload

      Banload variants download malicious files, then install and execute the files.

    • Banload family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks