General
Target: 2e4ca2fa6ef7688d88dd12f476b60ab70cb4f3fbd7722b4862800b45cbd2b1e8N.exe
Size: 3.9MB
Sample: 241127-xp52tswkb1
MD5: 85eed7d73c6d1234229d9d7266b08060
SHA1: 9e194d96d27c4adfe67ec7eb83e1d7e60df07b26
SHA256: 2e4ca2fa6ef7688d88dd12f476b60ab70cb4f3fbd7722b4862800b45cbd2b1e8
SHA512: 1b59198128bf362b26b9c09bbb3ac0dfb9346005da48c6cb29d5a8189c2caaa4a106e859236e8d0455be1bae85608f77ff408e258ee7f0dec0868a7a780fa50d
SSDEEP: 49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvV8u/kUHHklZ77Szh9ownI:RF8QUitE4iLqaPWGnEvS9Ejzh9oEI
Static task: static1
Behavioral task: behavioral1 (sample 2e4ca2fa6ef7688d88dd12f476b60ab70cb4f3fbd7722b4862800b45cbd2b1e8N.exe, resource win7-20240903-en)
Behavioral task: behavioral2 (sample 2e4ca2fa6ef7688d88dd12f476b60ab70cb4f3fbd7722b4862800b45cbd2b1e8N.exe, resource win10v2004-20241007-en)
Malware Config
Targets
Target: 2e4ca2fa6ef7688d88dd12f476b60ab70cb4f3fbd7722b4862800b45cbd2b1e8N.exe
Banload: Banload variants download malicious files, then install and execute them.
Banload family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Renames multiple (199) files with added filename extension: this suggests ransomware activity, encrypting all the files on the system.
Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.