banload | f65ce67fc6ffa29fb78fc9769690e32c6feffcd49755a7727c62c3d6d78c90eb | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

f65ce67fc6...bN.exe

windows7-x64

f65ce67fc6...bN.exe

windows10-2004-x64

Sharing

General

Target

f65ce67fc6ffa29fb78fc9769690e32c6feffcd49755a7727c62c3d6d78c90ebN.exe
Size

2.8MB
Sample

250104-mm9bcsvrft
MD5

7d482819b5c544a401b3d655211ae590
SHA1

a64019d6226fc67d816e45f50d08989207300fd3
SHA256

f65ce67fc6ffa29fb78fc9769690e32c6feffcd49755a7727c62c3d6d78c90eb
SHA512

ec36cee9a0aa191827ee6785699d3c9110947a7bba66c36f5ecdf867180139af88be72457b5be2ff2f65612c53833bbca2b8d8bcc7020ae439d77ecbb7824145
SSDEEP

49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVCMu7iMmC:RF8QUitE4iLqaPWGnEvgM7Mf

Score

10^/10

banload discovery downloader dropper evasion ransomware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f65ce67fc6ffa29fb78fc9769690e32c6feffcd49755a7727c62c3d6d78c90ebN.exe

Resource

win7-20240903-en

banload discovery downloader dropper evasion ransomware trojan

windows7-x64

9 signatures

120 seconds

Behavioral task

behavioral2

Sample

f65ce67fc6ffa29fb78fc9769690e32c6feffcd49755a7727c62c3d6d78c90ebN.exe

Resource

win10v2004-20241007-en

banload discovery downloader dropper evasion ransomware trojan

windows10-2004-x64

9 signatures

120 seconds

Malware Config

Targets

- Target
  
  f65ce67fc6ffa29fb78fc9769690e32c6feffcd49755a7727c62c3d6d78c90ebN.exe
- Size
  
  2.8MB
- MD5
  
  7d482819b5c544a401b3d655211ae590
- SHA1
  
  a64019d6226fc67d816e45f50d08989207300fd3
- SHA256
  
  f65ce67fc6ffa29fb78fc9769690e32c6feffcd49755a7727c62c3d6d78c90eb
- SHA512
  
  ec36cee9a0aa191827ee6785699d3c9110947a7bba66c36f5ecdf867180139af88be72457b5be2ff2f65612c53833bbca2b8d8bcc7020ae439d77ecbb7824145
- SSDEEP
  
  49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVCMu7iMmC:RF8QUitE4iLqaPWGnEvgM7Mf
Score

10^/10

banload discovery downloader dropper evasion ransomware trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Banload family
  banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Renames multiple (224) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

banloaddiscoverydownloaderdropperevasionransomwaretrojan

behavioral2

banloaddiscoverydownloaderdropperevasionransomwaretrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.