General
-
Target
d67e72a4ea3f613d54bff1272fcbcf8a4038783a15e83609e6c5839c6d37ba1cN.exe
-
Size
5.6MB
-
Sample
241202-dzrgmsxlft
-
MD5
9b810439391c9c861fe0cfb439b36e50
-
SHA1
797fbe20d5d4ed7e2351c423ba17b9f3957654df
-
SHA256
d67e72a4ea3f613d54bff1272fcbcf8a4038783a15e83609e6c5839c6d37ba1c
-
SHA512
3b9d98600c4aa3b0e4bea6011a70c87d63b82789eafb0fea2f466410b5203a6b976e8832c82403f0167a5f5252254289f8164746731e9838c03c61ed0d7a0d8b
-
SSDEEP
98304:RF8QUitE4iLqaPWGnEv+OKQr8MAvFrpHv/kAZIlnHyLF06Sud19nEntkKl:RFQWEPnPBnEmOKIbGpPMAZcy3qyKl
Malware Config
Targets
-
-
Target
d67e72a4ea3f613d54bff1272fcbcf8a4038783a15e83609e6c5839c6d37ba1cN.exe
-
Size
5.6MB
-
MD5
9b810439391c9c861fe0cfb439b36e50
-
SHA1
797fbe20d5d4ed7e2351c423ba17b9f3957654df
-
SHA256
d67e72a4ea3f613d54bff1272fcbcf8a4038783a15e83609e6c5839c6d37ba1c
-
SHA512
3b9d98600c4aa3b0e4bea6011a70c87d63b82789eafb0fea2f466410b5203a6b976e8832c82403f0167a5f5252254289f8164746731e9838c03c61ed0d7a0d8b
-
SSDEEP
98304:RF8QUitE4iLqaPWGnEv+OKQr8MAvFrpHv/kAZIlnHyLF06Sud19nEntkKl:RFQWEPnPBnEmOKIbGpPMAZcy3qyKl
Score10/10-
Banload
Banload variants download malicious files, then install and execute the files.
-
Banload family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Renames multiple (200) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-