banload | 3e87857f9eda3416070db632b47961892bfc4ec4a3eeed3749a7ec493851ea58 | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-04-09...er.exe

windows10-2004-x64

Sharing

General

Target

2025-04-09_fb2b269302236eb4b3960dc0d570a31d_amadey_hawkeye_smoke-loader
Size

5.9MB
Sample

250409-j7lh9avlv4
MD5

fb2b269302236eb4b3960dc0d570a31d
SHA1

42912f12f4c5fb83026204a663aea5051b1ad0da
SHA256

3e87857f9eda3416070db632b47961892bfc4ec4a3eeed3749a7ec493851ea58
SHA512

352cf339c580f1c54c88ad7237852260045e1de1526a23178bf6ba637a89e1f011b7ee182aa206863793768131ee5acbbe8cb6aacdabc9adf1625714fef771b8
SSDEEP

98304:RF8QUitE4iLqaPWGnEv++q5MOApXmtF8Rfnrlr:RFQWEPnPBnEQi

Score

10^/10

banload defense_evasion discovery downloader dropper ransomware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-04-09_fb2b269302236eb4b3960dc0d570a31d_amadey_hawkeye_smoke-loader.exe

Resource

win10v2004-20250313-en

banload defense_evasion discovery downloader dropper ransomware trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-04-09_fb2b269302236eb4b3960dc0d570a31d_amadey_hawkeye_smoke-loader
- Size
  
  5.9MB
- MD5
  
  fb2b269302236eb4b3960dc0d570a31d
- SHA1
  
  42912f12f4c5fb83026204a663aea5051b1ad0da
- SHA256
  
  3e87857f9eda3416070db632b47961892bfc4ec4a3eeed3749a7ec493851ea58
- SHA512
  
  352cf339c580f1c54c88ad7237852260045e1de1526a23178bf6ba637a89e1f011b7ee182aa206863793768131ee5acbbe8cb6aacdabc9adf1625714fef771b8
- SSDEEP
  
  98304:RF8QUitE4iLqaPWGnEv++q5MOApXmtF8Rfnrlr:RFQWEPnPBnEQi
Score

10^/10

banload defense_evasion discovery downloader dropper ransomware trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Banload family
  banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Renames multiple (339) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

banloaddefense_evasiondiscoverydownloaderdropperransomwaretrojan

© 2018-2025

Terms | Privacy