banload | 754c0ab103289ee5562debcf47b71a94abec388ebb73bfa16469ff736b8d72f6 | Triage

Submit
Reports

Overview

overview

Static

static

1

files/Setup.exe

windows7-x64

files/Setup.exe

windows10-2004-x64

files/Setup.exe

windows11-21h2-x64

Sharing

General

Target

files.zip
Size

11.9MB
Sample

240621-w42saayhpc
MD5

b395211b60d6186e7a831098ae4d8d84
SHA1

dbbcacd7bdf5f9d8c178316176a4f7c62f32df72
SHA256

754c0ab103289ee5562debcf47b71a94abec388ebb73bfa16469ff736b8d72f6
SHA512

a16874cf2da56a186dc82f38efbe9145743f12e2cbe079fea53f4cd24352e82f15f4be3a034c280d4bab9b8377a88a3714dda6a72c9f5cef9eb527aa4dfb41aa
SSDEEP

196608:PXU6ugONJrnbmdtuXizk0kVoTucXxD2een08BfuscapuOUTKxY0NmRPwZ8y1CMN1:PFugMu6PvKhD2e+0qunSlUOeRpy1CMiS

Score

10^/10

banload downloader dropper evasion persistence privilege_escalation trojan

Static task

static1

Behavioral task

behavioral1

Sample

files/Setup.exe

Resource

win7-20240611-en

banload downloader dropper evasion persistence privilege_escalation trojan

windows7-x64

11 signatures

300 seconds

Behavioral task

behavioral2

Sample

files/Setup.exe

Resource

win10v2004-20240508-en

banload downloader dropper evasion persistence privilege_escalation trojan

windows10-2004-x64

12 signatures

300 seconds

Behavioral task

behavioral3

Sample

files/Setup.exe

Resource

win11-20240611-en

banload downloader dropper evasion persistence privilege_escalation trojan

windows11-21h2-x64

12 signatures

300 seconds

Malware Config

Targets

- Target
  
  files/Setup.exe
- Size
  
  8.5MB
- MD5
  
  98169506fec94c2b12ba9930ad704515
- SHA1
  
  bce662a9fb94551f648ba2d7e29659957fd6a428
- SHA256
  
  9b8a5b0a45adf843e24214b46c285e44e73bc6eaf9e2a3b2c14a6d93ae541363
- SHA512
  
  7f4f7ac2326a1a8b7afc72822dae328753578eb0a4ffcec5adb4e4fb0c49703070f71e7411df221ee9f44d6b43a0a94921fe530877c5d5e71640b807e96def30
- SSDEEP
  
  196608:vdoUox8PFOegKz+qE1cnuyHgv3eZaOxqeXY4K:vC0O9m7EWEvbOxqetK
Score

10^/10

banload downloader dropper evasion persistence privilege_escalation trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

banloaddownloaderdropperevasionpersistenceprivilege_escalationtrojan

behavioral2

banloaddownloaderdropperevasionpersistenceprivilege_escalationtrojan

behavioral3

banloaddownloaderdropperevasionpersistenceprivilege_escalationtrojan

© 2018-2024

Terms | Privacy