General
-
Target
3b5addc5465d40c7f5eaa80971f5bed86d66163de317eb1c8d9aa88679218b0a.exe
-
Size
3.7MB
-
Sample
241202-1pm3sszral
-
MD5
7f8b99ef3e558637f16f8f4ce15c5768
-
SHA1
f51a78235c20644245dca579e85e2d90758e78b0
-
SHA256
3b5addc5465d40c7f5eaa80971f5bed86d66163de317eb1c8d9aa88679218b0a
-
SHA512
e55ba8ddfd579748a1edd8db8d352f0d7277cc115cff02b1edd906bd092cd7806bedd4a111c9f99b62cdb527de8c246d89004d6b46d3cdbb9ea41649b26521d8
-
SSDEEP
49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVCUkULRSOE2U:RF8QUitE4iLqaPWGnEvcUkUtSOEl
Malware Config
Targets
-
-
Target
3b5addc5465d40c7f5eaa80971f5bed86d66163de317eb1c8d9aa88679218b0a.exe
-
Size
3.7MB
-
MD5
7f8b99ef3e558637f16f8f4ce15c5768
-
SHA1
f51a78235c20644245dca579e85e2d90758e78b0
-
SHA256
3b5addc5465d40c7f5eaa80971f5bed86d66163de317eb1c8d9aa88679218b0a
-
SHA512
e55ba8ddfd579748a1edd8db8d352f0d7277cc115cff02b1edd906bd092cd7806bedd4a111c9f99b62cdb527de8c246d89004d6b46d3cdbb9ea41649b26521d8
-
SSDEEP
49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVCUkULRSOE2U:RF8QUitE4iLqaPWGnEvcUkUtSOEl
Score10/10-
Banload
Banload variants download malicious files, then install and execute the files.
-
Banload family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Renames multiple (222) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-