MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b9f91a108d61f586d76de0da7314c50074b2574bc6bceda176d2bf3b33d905d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Banload


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b9f91a108d61f586d76de0da7314c50074b2574bc6bceda176d2bf3b33d905d8
SHA3-384 hash: 5efc8a42626397e6f5987924e46b0b67b8e94f7229660b1dfde6a8c0534df659e4382955b900a09d91d76487a2b684b8
SHA1 hash: e750d28b6f01bdd0259bc6e63265c52f428d96f8
MD5 hash: 14169edff3fabcfb539f726ad3cda55a
humanhash: stream-carpet-vermont-blossom
File name:banload.msi
Download: download sample
Signature Banload
Create hunting rule
File size:270'336 bytes
First seen:2021-08-24 13:14:38 UTC
Last seen:2021-08-24 14:25:46 UTC
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 3072:1dspAtOImXwCGjtYNKbYO2gjpcm8rRuqpjCLw2loHUvU4yGxr53qM2a8+i0:1ftOIiRQYpgjpjew5LLyGx1qo8
Threatray 10 similar samples on MalwareBazaar
TLSH T1C9446B513BC9C13AD2AE063785BA9B66263A7D750B30D0CF77947D6C5E306D2A939302
Reporter warz_s
Tags:Banload brazil msi

Intelligence

File Origin
# of uploads :
2
# of downloads :
948
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/181913/
Detection(s):
SecuriteInfo.com..18316.17454.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/b9f91a108d61f586d76de0da7314c50074b2574bc6bceda176d2bf3b33d905d8
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
n/a
Score:
30 / 100
Link:
https://www.joesandbox.com/analysis/838269
Signature
Obfuscated command line found
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 process2 2 Behavior Graph ID: 470701 Sample: banload.msi Startdate: 24/08/2021 Architecture: WINDOWS Score: 30 7 msiexec.exe 5 2->7         started        10 msiexec.exe 5 2->10         started        signatures3 47 Obfuscated command line found 7->47 12 cmd.exe 1 7->12         started        15 expand.exe 8 7->15         started        18 change.exe 1 7->18         started        20 3 other processes 7->20 process4 file5 49 Obfuscated command line found 12->49 22 powershell.exe 2 10 12->22         started        24 conhost.exe 12->24         started        26 cmd.exe 2 12->26         started        41 C:\...\5f5cceb127b6b04cb9c9a93ab0bfb124.tmp, PE32+ 15->41 dropped 43 C:\Users\user\AppData\...\change.exe (copy), PE32+ 15->43 dropped 28 conhost.exe 15->28         started        30 conhost.exe 18->30         started        32 conhost.exe 20->32         started        34 conhost.exe 20->34         started        36 conhost.exe 20->36         started        signatures6 process7 process8 38 mshta.exe 18 22->38         started        dnsIp9 45 7paafv.calinox.top 38->45
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b9f91a108d61f586d76de0da7314c50074b2574bc6bceda176d2bf3b33d905d8/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xh4rueenmh2ynv3n4dnhgfgfab2lev2ly26o3ilw2k7twm6zaxma._file
Verdict:
unknown
Similar samples:
41da210f64e2b009aaf03e96b2de701a30222faee25e38c6fbbaf958c84f680b
Banload
7d9ab1a869c3a874b19fbc8c98bfa40dab39e97cbfaeb4d057912c3549124f4d
Banload
83665f8cf0fc798b6dbeca777554aeaeb9d9cc53e27674c36e67294729d118f0
Banload
844f891f338bcde305546fb85d97ac01bfd2c4db663ce779e6048307af5085f5
Banload
85ac0e8244160430f8ca3d4fb031180ccf656a2d524a8fc2c828379c1c7b9e5f
Banload
d0003c908fdb5d830ecf51ce698e757f920a776d639e731b6a7472122e02b23d
Banload
dcacb6e6cd979249275767b31c9d0250101d3627c525011e9f4d66581dbb7722
Banload
fac18345a874ee1b8519072453f8b9ed6142406f5630748be821a17939da302d
Banload
fc0eee220cef0c364edb4cb6ff45e12b2d3c035b2be1072c627e40c4a298ea72
Banload
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery
Link:
https://tria.ge/reports/210824-fndpkqpc4j/
Behaviour
Checks SCSI registry key(s)
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Enumerates connected drives
Loads dropped DLL
Modifies file permissions
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.31
Link:
https://yomi.yoroi.company/submissions/b9f91a108d61f586d76de0da7314c50074b2574bc6bceda176d2bf3b33d905d8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

anyrun
any.run
https://app.any.run/tasks/16837faf-a18e-454a-9995-55016ad5fff6
  
Delivery method
Distributed via e-mail link
Cape
Cape
https://www.capesandbox.com/analysis/181913/

Comments