General

  • Target

    fe864ca1ed2d02f2ab3e42ec2dfcea0d7fb4d1aece9344612f6f66f739be10dfN.exe

  • Size

    2.8MB

  • Sample

    241204-v7yz5aylgn

  • MD5

    a58f1c1a4a6f0e58a0193e2f4ace7370

  • SHA1

    c5696172a9ddbc820ddad28ff28337b42de3efc8

  • SHA256

    fe864ca1ed2d02f2ab3e42ec2dfcea0d7fb4d1aece9344612f6f66f739be10df

  • SHA512

    7a0d6fb3d862537ad3fc44db93d4f87715f3ae593c96b89a4adb02eef5423cef1630e9ca36f6c7a8f47c0cdebcd75f8093769acd9518d7799c641a642e870663

  • SSDEEP

    49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVWiKjUOlk0O:RF8QUitE4iLqaPWGnEvSO

Targets

    • Banload

      Banload variants download malicious files, then install and execute the files.

    • Banload family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Renames multiple (225) files, appending a new filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.
