MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15f01cf888792f4f3c3124b6e65a615342c7c8b9788941947f8131f3786a499c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Banload


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 15f01cf888792f4f3c3124b6e65a615342c7c8b9788941947f8131f3786a499c
SHA3-384 hash: cb75e62d82c97b062815ac14775be1631d5aca9119203dcb788bd53caad8492c403db22cb892b6a3170840c924109ac4
SHA1 hash: 01a311c11f47d5b85de8e05dfd3fc59f3b4e12ad
MD5 hash: 0a6e3cafaf5cb2656e56be4440d06662
humanhash: mockingbird-bakerloo-spaghetti-xray
File name:meu.agendamento.msi
Download: download sample
Signature Banload
Create hunting rule
File size:275'456 bytes
First seen:2021-07-21 20:33:58 UTC
Last seen:2021-07-21 20:34:24 UTC
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 3072:q/qrFpdn7BU6ij4qpXqnnDibAJBVkm9i3DUY5ANz2L9rQn4J9+3Z5yOV2nSP:q/6Hn7BTqp4nwEg3DUY5ANN
Threatray 51 similar samples on MalwareBazaar
TLSH T1BE449D0633DA4679D9D603316B9BC312CB72EC308663852B568A7A0E2DF1594F6773F2
Reporter warz_s
Tags:Banload brazil msi

Intelligence

File Origin
# of uploads :
2
# of downloads :
985
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/173166/
Detection(s):
SecuriteInfo.com.Trojan-Spy.Agent.22897.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/15f01cf888792f4f3c3124b6e65a615342c7c8b9788941947f8131f3786a499c
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
IPv4 Dotted Quad URL
A URL was detected referencing a direct IP address, as opposed to a domain name.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/819763
Signature
Machine Learning detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Copying Sensitive Files with Credential Data
Uses schtasks.exe or at.exe to add and modify task schedules
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/15f01cf888792f4f3c3124b6e65a615342c7c8b9788941947f8131f3786a499c/
Threat name:
Script-WScript.Trojan.Msaiha
Create hunting rule
Status:
Suspicious
First seen:
2021-07-21 20:35:04 UTC
AV detection:
4 of 46 (8.70%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
00aea1d8e6ad3b1e20f2decc617d17c6e8f590ebe705c82d4266d02fbca00f5c
Banload
1324b9aeace50c4bce3210f3fb553dfab6a8bc3efef016b8d186ca3ebc2f0dc8
Banload
2131f107d3c701344f650d0413fa83ee2112247d3f2bcff2c5ab6c2de5932f88
Banload
78a34d83fb67d111d3732b8aac4d217ee1b370ce00e458dd8dde8a0f17f71db3
Banload
84a7ddb0c6e7adc2c3957c55995ac62ef60d3400d6dd2c538e7b5cfeda960a42
Banload
9f0d3b49b6eea3eff22dce2838b10e8e3b03c45f31212f8d26ae31cd576f1104
Banload
acd0ae8b296ee3fd7d01547b5220877770538fb76144b237f81377e3241726b3
Banload
af4811889f865fa54c6d10f69d4dc68bf745db7dc00882ecbf93355ac9f2881f
Banload
c55d93f8c25e4ed3886cc125f129ded48bf781990a143cbe5996f38fd2ab7fc7
Banload
e13fb6156b386d9cea3a46c3835a97636ad0eeddda3b354f86f19915721638fc
Banload
+ 41 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
macro upx xlm
Link:
https://tria.ge/reports/210721-zeznljmwh6/
Behaviour
Creates scheduled task(s)
Modifies system certificate store
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Windows directory
Enumerates connected drives
Loads dropped DLL
Blocklisted process makes network request
Executes dropped EXE
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/15f01cf888792f4f3c3124b6e65a615342c7c8b9788941947f8131f3786a499c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:suspicious_msi_file
Create hunting rule
Author:Johnk3r
Description:Detects common strings, DLL and API in Banker_BR

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Banload

Microsoft Software Installer (MSI) msi 15f01cf888792f4f3c3124b6e65a615342c7c8b9788941947f8131f3786a499c

(this sample)

2fd7422b227cf8d699590cdd734ec7666e16306447a96138e21f78b7cf87ba54

  
Dropping
SHA256 2fd7422b227cf8d699590cdd734ec7666e16306447a96138e21f78b7cf87ba54
  
Dropping
SHA256 1f6570afdd3c00ffd6e13889e4242ff92f4d411d1c99e4580674c5b9058d4c5e
Cape
Cape
https://www.capesandbox.com/analysis/173166/

Comments