banload | b6251f402464c488e25deb7fe3a2c5aeea4376b6cf51173a7bb2ec5498c5cb29 | Triage

Sharing

General

Target

da570126399784f6d6f251b7edd5c2b9_JaffaCakes118
Size

11.3MB
Sample

241209-s34cyaxmcm
MD5

da570126399784f6d6f251b7edd5c2b9
SHA1

4bb8f5fe501df9f6a9a531d1fafd82388bcc07e6
SHA256

b6251f402464c488e25deb7fe3a2c5aeea4376b6cf51173a7bb2ec5498c5cb29
SHA512

7e5b95febdc4c9213245cdf1cd061805a6c18dc6e9f9c88492f2354b8dc93311bdb934e39e9579112412a3f84526a3a03323716a67fcce549767cc91a2c432e1
SSDEEP

196608:1F9FWOdIDuh2+58YLdR+O4Mh/ZdAES+RrzEVmE2wJju/a5t/kpb2gPMPe:1F9cMIDuw6oOXfmjCvMW

Score

10^/10

banload discovery downloader dropper evasion trojan

Malware Config

Targets

- Target
  
  da570126399784f6d6f251b7edd5c2b9_JaffaCakes118
- Size
  
  11.3MB
- MD5
  
  da570126399784f6d6f251b7edd5c2b9
- SHA1
  
  4bb8f5fe501df9f6a9a531d1fafd82388bcc07e6
- SHA256
  
  b6251f402464c488e25deb7fe3a2c5aeea4376b6cf51173a7bb2ec5498c5cb29
- SHA512
  
  7e5b95febdc4c9213245cdf1cd061805a6c18dc6e9f9c88492f2354b8dc93311bdb934e39e9579112412a3f84526a3a03323716a67fcce549767cc91a2c432e1
- SSDEEP
  
  196608:1F9FWOdIDuh2+58YLdR+O4Mh/ZdAES+RrzEVmE2wJju/a5t/kpb2gPMPe:1F9cMIDuw6oOXfmjCvMW
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Dialer.dll
- Size
  
  3KB
- MD5
  
  068ba6a2cece65f680895ea627f71e39
- SHA1
  
  27070d0fa949a80360426f37b3dfe9eaa0ed66f4
- SHA256
  
  ef649d2b3daed72b0778ab6b3f22a02e288fd009cf9e7e76eb1991451e580f82
- SHA512
  
  adf99b31790694d8ad02c56b1cb7c9dadeac49d492225a2d297654bfcd617f3afad23990d1d695fba03af1c355456e2e7c3e972eaa9b5ab1770bbb6eef0e733f
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  a5f8399a743ab7f9c88c645c35b1ebb5
- SHA1
  
  168f3c158913b0367bf79fa413357fbe97018191
- SHA256
  
  dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
- SHA512
  
  824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
- SSDEEP
  
  192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  a4173b381625f9f12aadb4e1cdaefdb8
- SHA1
  
  cf1680c2bc970d5675adbf5e89292a97e6724713
- SHA256
  
  7755ff2707ca19344d489a5acec02d9e310425fa6e100d2f13025761676b875b
- SHA512
  
  fcac79d42862da6bdd3ecad9d887a975cdff2301a8322f321be58f754a26b27077b452faa4751bbd09cd3371b4afce65255fbbb443e2c93dd2cba0ba652f4a82
- SSDEEP
  
  96:2fiqP7bO2qHkAC40KhvSE+6nrxtMn0iGd88qRLqtJ1tbRhElfRx2:siqP7OHX1Q4xtcf8qo/ttgfRx2
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Flash.ocx
- Size
  
  917KB
- MD5
  
  fc3e17e12c2e31fac34b416b3dab829f
- SHA1
  
  ca33d1fa3d27c67c8bf2503a7474ac4f9223ed49
- SHA256
  
  471643ea9df42cc168412f33720f5b8cb1b391555cc795a5313224565274e9c0
- SHA512
  
  01a35672f70fcec69136475fab9ed643364af1683d49cb07cf6e5e47f003e2b8d0a553c52c42222c9ab7be4014f4e31a4701d30e28acd3c92a5407af4cc9a4fe
- SSDEEP
  
  24576:VvGzbaRNTt7tM7n0Nxt4oqN2eD65QmPNwJLKkn3WfhZXp:xmsxtJQn0Tt4rK5QmPNw4knGJpp
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  GLWorker.exe
- Size
  
  1.8MB
- MD5
  
  296e53cb5e482810bd6fe3b1af057ae9
- SHA1
  
  1508c946bfa550b6ca842a3f5295906941a46907
- SHA256
  
  996c5451aa7123b0877ee6a9251cf9a68573a63c293fb562bfbdbb228c22f155
- SHA512
  
  1eb54b7cc14d2651615dd441302113916cea98073f9a7649759979c7a58a722456e113a0ec883c1304ec21ec1e259d758c2697113b6558e858b16dfa3a534a83
- SSDEEP
  
  49152:AvMW2NU1Hlwu6fJTYW+1AUhXH6W0q5VWy7EeNk:A0hNOFwui+1AUhXHrPtQAk
Score

10^/10

banload discovery downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Banload family
  banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral15 behavioral16
- Target
  
  Heavy Weapon Deluxe.ifn
- Size
  
  2.5MB
- MD5
  
  b80bea12208369e13fe61947187583e4
- SHA1
  
  f678f953050bb12fada311cc8c7ddf756ff4e463
- SHA256
  
  b7b4649cc7efd9ee5c2133f3a487391445a0e8c94bffdb2b2112633c3e077b6a
- SHA512
  
  d8198365c259911cff0624c16d6e5be6603e7b5b9a1dba41a3adfa7a7a304964002c955b7159565feb3d577be79bcfe6716346bd053bf6d8b942a122f35d536b
- SSDEEP
  
  49152:LSSufUHSSRs1ztUvkT2Z6ampMmPJ00q5VWy7EeNDTNQW63NThubVwhl:Ltu8HD+1zc6ampMmPuPtQAHNSJhubQl
Score

10^/10

banload discovery downloader dropper evasion trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Banload family
  banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral17 behavioral18
- Target
  
  Uninstall.exe
- Size
  
  123KB
- MD5
  
  547babef61d913ab1a8ab5391fb65195
- SHA1
  
  0004077c7679e5b7fb9cdaeb842ca7c631d0f09f
- SHA256
  
  2bf784a7ba86703a5317b656312eac2a18242cc1492b7d5d2eb8b0ac797491ee
- SHA512
  
  498f154205794a709ba39aea766d322c300aeee401a104288182cdf731873a374e6ab77e37b0e4227e6f195286def90ea674be33917402e5e33d8aa3b143badb
- SSDEEP
  
  1536:HpgpHzb9dZVX9fHMvG0D3XJcnGpbeGLwDg1V/0H1msZ+bpualJf23lsb2G:JgXdZt9P6D3XJhpKG0cz/WmBO3ab2G
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  bass.dll
- Size
  
  95KB
- MD5
  
  fedd2cea478da0d6d9d6799d4ec350af
- SHA1
  
  150a3e20173f84afad54652233f4fca9a545d9f5
- SHA256
  
  4e7b44ecfada6d59290b28ad5262a686e34ebf50ac859493c511bba18f38ad06
- SHA512
  
  123ef3d85fec64962db8bcef96116f240fad919c8dddb802d3ed78d34aea60c4ca518b620c89da1e7b4d85dcbcd6524a7bcf3924488a53376130152ab940c898
- SSDEEP
  
  1536:iXrcASuvllnLoiUmEO246a+S/sA3peqj+fUfE+EnFrFQZP45o5TJhw95HD14X:4cAx9VoXmS46kheqgVBFQZw5eJhw9J5w
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  readme.html
- Size
  
  11KB
- MD5
  
  6f6a356cb7b6abdae9bbac125716814a
- SHA1
  
  2b4f2b424cbc7b80658150d38497a2020f905712
- SHA256
  
  e36783e0574502b90e7804dc54306fc2f839f60a1b6339007469b9b94d1eed95
- SHA512
  
  ca169e7410a80a9468b34879d37e4250636428db17d9ab9e5178a508981c95015bdf5a5fd24631f045f7caf49be4053e4c4c0873cd6bac41fa07e27a04e2c03c
- SSDEEP
  
  192:Ks1NOUYzy9/nLqwFDLaNmqcJgNQ9yG68jFJvEGK0cumDonNe0WyovXOrs1rsvwoT:j8+9PuWK8ykEGKEmDoNQyPrs1rsxZyBO
Score

3^/10

discovery
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

banloaddiscoverydownloaderdropperevasiontrojan

behavioral16

banloaddiscoverydownloaderdropperevasiontrojan

behavioral17

banloaddiscoverydownloaderdropperevasiontrojan

behavioral18

banloaddiscoverydownloaderdropperevasiontrojan

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28