banload | 1b38015db059780ef6a59307deb2deb8a75dc06d4e14b91ae511f0b72327abcd | Triage

Submit
Reports

Overview

overview

Static

static

1

1b38015db0...cs.exe

windows7-x64

6

1b38015db0...cs.exe

windows10-2004-x64

Sharing

General

Target

1b38015db059780ef6a59307deb2deb8a75dc06d4e14b91ae511f0b72327abcd_NeikiAnalytics.exe
Size

110KB
Sample

240625-2f53pazenr
MD5

bc98184553877c8c61f96cdc8c2de820
SHA1

8db5150ef1c912ec846de52b3b2c957d85114c81
SHA256

1b38015db059780ef6a59307deb2deb8a75dc06d4e14b91ae511f0b72327abcd
SHA512

9fbeab6968be99513c10921cd1d0f7b423aeb4badc3c665e9da068a1c86aed8b148f0682190e6aa3363eb9672506cb0d435dff385928d903802ed3b0e7d623b5
SSDEEP

1536:bLXB65939tY6HBg4sXJ1UviBhkohVKJjFhaLeT99+eLnVtUviBhkohVKJjFhvOc4:bLk395hYXJ1UvUWXsP2nvUvUWX8CE

Score

10^/10

banload discovery downloader dropper evasion spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1b38015db059780ef6a59307deb2deb8a75dc06d4e14b91ae511f0b72327abcd_NeikiAnalytics.exe

Resource

win7-20231129-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1b38015db059780ef6a59307deb2deb8a75dc06d4e14b91ae511f0b72327abcd_NeikiAnalytics.exe

Resource

win10v2004-20240611-en

banload discovery downloader dropper evasion spyware stealer trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  1b38015db059780ef6a59307deb2deb8a75dc06d4e14b91ae511f0b72327abcd_NeikiAnalytics.exe
- Size
  
  110KB
- MD5
  
  bc98184553877c8c61f96cdc8c2de820
- SHA1
  
  8db5150ef1c912ec846de52b3b2c957d85114c81
- SHA256
  
  1b38015db059780ef6a59307deb2deb8a75dc06d4e14b91ae511f0b72327abcd
- SHA512
  
  9fbeab6968be99513c10921cd1d0f7b423aeb4badc3c665e9da068a1c86aed8b148f0682190e6aa3363eb9672506cb0d435dff385928d903802ed3b0e7d623b5
- SSDEEP
  
  1536:bLXB65939tY6HBg4sXJ1UviBhkohVKJjFhaLeT99+eLnVtUviBhkohVKJjFhvOc4:bLk395hYXJ1UvUWXsP2nvUvUWX8CE
Score

10^/10

discovery banload downloader dropper evasion spyware stealer trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

banloaddiscoverydownloaderdropperevasionspywarestealertrojan

© 2018-2024

Terms | Privacy