banload | 872efda22a1a464d90ed06cbdfc178e6ba06536805ce79f04c54991f6c8cad5e | Triage

Sharing

General

Target

872efda22a1a464d90ed06cbdfc178e6ba06536805ce79f04c54991f6c8cad5e
Size

3.1MB
Sample

241227-ydr69sylav
MD5

49c1a0464aff4cbf082a8d73bd7db0d2
SHA1

46f5b216fbd21e7c802d5a3c4cf9a19682f55593
SHA256

872efda22a1a464d90ed06cbdfc178e6ba06536805ce79f04c54991f6c8cad5e
SHA512

48caf07868efe35ce01ad61f14a5ff1a22e28553e3919a5640a98a5a4d84b1a70fa20123f1cb28110bc9bfe76e483fa91852baec759cb7d079f23532ccb244b7
SSDEEP

49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVWiK7lji2Ayd:RF8QUitE4iLqaPWGnEvc

Score

10^/10

banload discovery downloader dropper evasion ransomware trojan

Malware Config

Targets

- Target
  
  872efda22a1a464d90ed06cbdfc178e6ba06536805ce79f04c54991f6c8cad5e
- Size
  
  3.1MB
- MD5
  
  49c1a0464aff4cbf082a8d73bd7db0d2
- SHA1
  
  46f5b216fbd21e7c802d5a3c4cf9a19682f55593
- SHA256
  
  872efda22a1a464d90ed06cbdfc178e6ba06536805ce79f04c54991f6c8cad5e
- SHA512
  
  48caf07868efe35ce01ad61f14a5ff1a22e28553e3919a5640a98a5a4d84b1a70fa20123f1cb28110bc9bfe76e483fa91852baec759cb7d079f23532ccb244b7
- SSDEEP
  
  49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVWiK7lji2Ayd:RF8QUitE4iLqaPWGnEvc
Score

10^/10

banload discovery downloader dropper evasion ransomware trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Banload family
  banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Renames multiple (230) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

banloaddiscoverydownloaderdropperevasionransomwaretrojan

behavioral2

banloaddiscoverydownloaderdropperevasionransomwaretrojan