General
-
Target
933beff1452ab56fcabb856fe4d01b6f624a809004ebc0604e1ef8f4c1beafb8N.exe
-
Size
3.7MB
-
Sample
241203-bafbzaxndj
-
MD5
a6abe2caa61d5319f6deeba2d78a5660
-
SHA1
5c8a4e46ec488d929f5b0b642e93346ba33e3863
-
SHA256
933beff1452ab56fcabb856fe4d01b6f624a809004ebc0604e1ef8f4c1beafb8
-
SHA512
4b851c68dce5e032ecdccd2c8c3d0bf26086173ddf3afac67bd6c6fbc990af46d6e2a5b3b4e40779d9b1a1d96bb53e2f4683f1ddc4deef32e0742061ccd70856
-
SSDEEP
49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVCUkULRSOE2U:RF8QUitE4iLqaPWGnEvcUkUtSOEN
Malware Config
Targets
-
-
Target
933beff1452ab56fcabb856fe4d01b6f624a809004ebc0604e1ef8f4c1beafb8N.exe
-
Size
3.7MB
-
MD5
a6abe2caa61d5319f6deeba2d78a5660
-
SHA1
5c8a4e46ec488d929f5b0b642e93346ba33e3863
-
SHA256
933beff1452ab56fcabb856fe4d01b6f624a809004ebc0604e1ef8f4c1beafb8
-
SHA512
4b851c68dce5e032ecdccd2c8c3d0bf26086173ddf3afac67bd6c6fbc990af46d6e2a5b3b4e40779d9b1a1d96bb53e2f4683f1ddc4deef32e0742061ccd70856
-
SSDEEP
49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVCUkULRSOE2U:RF8QUitE4iLqaPWGnEvcUkUtSOEN
Score10/10-
Banload
Banload variants download malicious files, then install and execute the files.
-
Banload family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Renames multiple (198) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-