General
Target: 8ad5a6233319b2d6a55683abb6b3d69909ee03894fc110bf539317f5d366425eN.exe
Size: 5.8MB
Sample: 241203-xd8zcatncq
MD5: 48a27e390bb0f38f4bd3fb8170b71e10
SHA1: 335bdab956b0f5d04421652d6ae43e9f862ca837
SHA256: 8ad5a6233319b2d6a55683abb6b3d69909ee03894fc110bf539317f5d366425e
SHA512: 2e5391c2938b17c14d4e6869993588597f501d87798a3f5b58ff3ba77358accfaa783036fb31fef634031accb6f4d503b4395488613a03db86087cb00d1857d9
SSDEEP: 98304:RF8QUitE4iLqaPWGnEv+OKQr8MAvFrpHv/kAZIlnHyLF06Sud19nEntkKoML:RFQWEPnPBnEmOKIbGpPMAZcy3qyKBL
Static task
static1
Behavioral task
behavioral1
Sample
8ad5a6233319b2d6a55683abb6b3d69909ee03894fc110bf539317f5d366425eN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
8ad5a6233319b2d6a55683abb6b3d69909ee03894fc110bf539317f5d366425eN.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Banload
Banload variants download malicious files, then install and execute the files.
-
Banload family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Renames multiple (195) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-