General
-
Target
4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
-
Size
4.6MB
-
Sample
241127-ypm2patqfk
-
MD5
c0a5f0a0ea95ae5d6b1a3dc36151dfc2
-
SHA1
b57e795d9f3fe1e61d5f171cda6b411b6d67f21e
-
SHA256
4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa
-
SHA512
adc02b226ad781b27bff2bc04c4c6e1121b6bd322673eba22bbf7de76d47af6a0d2c8f2d485cee70337ee84d03a7be0678b0bdabc64f5c7204d0dcc6466a6ead
-
SSDEEP
98304:RF8QUitE4iLqaPWGnEvSdsc0B18YhT8qX/WqDb:RFQWEPnPBnEKd50P8YhT825b
Malware Config
Targets
-
-
Target
4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
-
Size
4.6MB
-
MD5
c0a5f0a0ea95ae5d6b1a3dc36151dfc2
-
SHA1
b57e795d9f3fe1e61d5f171cda6b411b6d67f21e
-
SHA256
4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa
-
SHA512
adc02b226ad781b27bff2bc04c4c6e1121b6bd322673eba22bbf7de76d47af6a0d2c8f2d485cee70337ee84d03a7be0678b0bdabc64f5c7204d0dcc6466a6ead
-
SSDEEP
98304:RF8QUitE4iLqaPWGnEvSdsc0B18YhT8qX/WqDb:RFQWEPnPBnEKd50P8YhT825b
Score10/10-
Banload
Banload variants download malicious files, then install and execute the files.
-
Banload family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Renames multiple (165) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-