General
-
Target
facf59ac6b83890fe016a923d0f28c2463739fda63edae9ca72209348d2567b3N.exe
-
Size
4.6MB
-
Sample
241128-dfjyfsykbm
-
MD5
757273ef0c95033bd1fdd495c4c01440
-
SHA1
9d62945c331540fc9331db4cd09f318137902c46
-
SHA256
facf59ac6b83890fe016a923d0f28c2463739fda63edae9ca72209348d2567b3
-
SHA512
47c02c43ed6a33d3cd00b0f57a3de8a58fa755bc828c91c423fddb868e97ccf46dfa54f028c5d6bbb4ef9b9036fef21c6ea59b663344aa72ad79f2011b155222
-
SSDEEP
98304:RF8QUitE4iLqaPWGnEvSdsc0B18YhT8qX/WqDr:RFQWEPnPBnEKd50P8YhT825r
Static task
static1
Behavioral task
behavioral1
Sample
facf59ac6b83890fe016a923d0f28c2463739fda63edae9ca72209348d2567b3N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
facf59ac6b83890fe016a923d0f28c2463739fda63edae9ca72209348d2567b3N.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
facf59ac6b83890fe016a923d0f28c2463739fda63edae9ca72209348d2567b3N.exe
-
Banload
Banload variants download malicious files, then install and execute the files.
-
Banload family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Renames multiple (195) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-