banload | 481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734d | Triage

Submit
Reports

Overview

overview

Static

static

3

481f49f44f...dN.exe

windows11-21h2-x64

Resubmissions

19-12-2024 22:13

241219-1472hs1nds 10

19-12-2024 21:43

241219-1kzwss1maj 10

Sharing

General

Target

481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Size

2.4MB
Sample

241219-1472hs1nds
MD5

0850fb73ac5cf974c11c0a78f2cc0a80
SHA1

f05cc0495fe2a239c76625e6be51f3d52fdcdea2
SHA256

481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734d
SHA512

30dae41f217a94117d67a4a8c782386cd8cb892ce4d0f05e4d9afcab1b9427d3ce3675e411fda2b032d74a38c1fa50f7659b2a8c0580fc78e3945292a3215fa9
SSDEEP

49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEv3olj3:RF8QUitE4iLqaPWGnEvY

Score

10^/10

banload discovery downloader dropper evasion execution ransomware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe

Resource

win11-20241007-en

banload discovery downloader dropper evasion execution ransomware trojan

windows11-21h2-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
- Size
  
  2.4MB
- MD5
  
  0850fb73ac5cf974c11c0a78f2cc0a80
- SHA1
  
  f05cc0495fe2a239c76625e6be51f3d52fdcdea2
- SHA256
  
  481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734d
- SHA512
  
  30dae41f217a94117d67a4a8c782386cd8cb892ce4d0f05e4d9afcab1b9427d3ce3675e411fda2b032d74a38c1fa50f7659b2a8c0580fc78e3945292a3215fa9
- SSDEEP
  
  49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEv3olj3:RF8QUitE4iLqaPWGnEvY
Score

10^/10

banload discovery downloader dropper evasion execution ransomware trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Banload family
  banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Renames multiple (564) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

banloaddiscoverydownloaderdropperevasionexecutionransomwaretrojan

© 2018-2024

Terms | Privacy