General
Target: 92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
Size: 5.8MB
Sample: 241201-xb792asrfq
MD5: cd283f0aa38cce333ec378422d7a5ae1
SHA1: 9ea20227f72e6886de00530f2b262c3ab22c7df1
SHA256: 92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87
SHA512: c43a4f1299074703c5aed239e0daeb982b79220ab5d4607f1656b5b917b78248f6e52bde7f4504e6da78849df09d33f5acb7c5e8e444e63e696530c67ba2bd12
SSDEEP: 98304:RF8QUitE4iLqaPWGnEv+OKQr8MAvFrpHv/kAZIlnHyLF06Sud19nEntkKoM5:RFQWEPnPBnEmOKIbGpPMAZcy3qyKB5
Static task
static1
Behavioral task
behavioral1
Sample
92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
92eba36eb3d071e979bbe62623b4850677f96a83bc2b0a7256d6a6dd5a930c87.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Banload
Banload variants download malicious files, then install and execute the files.
-
Banload family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Renames multiple (196) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-