General
-
Target
60f5737deb30adc9c7c033e51149494d0546606386a4950d4decea2feed8d5ad.exe
-
Size
3.0MB
-
Sample
241205-cecbjsykdm
-
MD5
20955657049216af45f5c73976e09d96
-
SHA1
1011000130add4bd762294a762b0be35564167b7
-
SHA256
60f5737deb30adc9c7c033e51149494d0546606386a4950d4decea2feed8d5ad
-
SHA512
a709d572fe4c45763abc2d56b6a31014e624b5f74df458b78bf4abb28047c095c6ae08030445695a715fee44c59c040ffbd7ceff7abc5b17771046baa519da03
-
SSDEEP
49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVWiKq:RF8QUitE4iLqaPWGnEv3
Malware Config
Targets
-
-
Target
60f5737deb30adc9c7c033e51149494d0546606386a4950d4decea2feed8d5ad.exe
-
Size
3.0MB
-
MD5
20955657049216af45f5c73976e09d96
-
SHA1
1011000130add4bd762294a762b0be35564167b7
-
SHA256
60f5737deb30adc9c7c033e51149494d0546606386a4950d4decea2feed8d5ad
-
SHA512
a709d572fe4c45763abc2d56b6a31014e624b5f74df458b78bf4abb28047c095c6ae08030445695a715fee44c59c040ffbd7ceff7abc5b17771046baa519da03
-
SSDEEP
49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVWiKq:RF8QUitE4iLqaPWGnEv3
Score10/10-
Banload
Banload variants download malicious files, then install and execute the files.
-
Banload family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Renames multiple (200) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-