General
-
Target
b710286449c217ebd23fc7b0c0ba0030bf7184054dee48f3bf15b58bf41512a4.exe
-
Size
2.8MB
-
Sample
241204-2gs5hszrem
-
MD5
2e62f8f6fc5d5305441cfe2222c57186
-
SHA1
3291193940a4b14acbc24a7d243b3ab802fd5120
-
SHA256
b710286449c217ebd23fc7b0c0ba0030bf7184054dee48f3bf15b58bf41512a4
-
SHA512
a9bf9fa3315f4fc2407726b674b89f8e08a2111ec1d39851ffbb7260fde4064dccba5c64870ad0fc51cec0cdadab878d4266a2feaa4dfd6ba90698073f14f15f
-
SSDEEP
49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVWiKjUOlk0u:RF8QUitE4iLqaPWGnEvSu
Malware Config
Targets
-
-
Target
b710286449c217ebd23fc7b0c0ba0030bf7184054dee48f3bf15b58bf41512a4.exe
-
Size
2.8MB
-
MD5
2e62f8f6fc5d5305441cfe2222c57186
-
SHA1
3291193940a4b14acbc24a7d243b3ab802fd5120
-
SHA256
b710286449c217ebd23fc7b0c0ba0030bf7184054dee48f3bf15b58bf41512a4
-
SHA512
a9bf9fa3315f4fc2407726b674b89f8e08a2111ec1d39851ffbb7260fde4064dccba5c64870ad0fc51cec0cdadab878d4266a2feaa4dfd6ba90698073f14f15f
-
SSDEEP
49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVWiKjUOlk0u:RF8QUitE4iLqaPWGnEvSu
Score10/10-
Banload
Banload variants download malicious files, then install and execute the files.
-
Banload family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Renames multiple (225) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-