General
Target: de15232955fd62ad0131e5480164f6d62e3569f041cbbc6d2adf6bf013aef13bN.exe
Size: 3.0MB
Sample: 241205-fjlbsswjdp
MD5: a0603251331725cbcbde1f6189d22190
SHA1: 0708b11c6c53a3a43260665436af65b313aa0a11
SHA256: de15232955fd62ad0131e5480164f6d62e3569f041cbbc6d2adf6bf013aef13b
SHA512: 8386a093a92bbb515b217c940e3e296150fae35aaa8a8e2869fcb3249d42b1a0eb55b02f6a65f46fdd5bc43646e83f4fc332fe97618bd793a6370cf6c5cfdf14
SSDEEP: 49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVWiK+:RF8QUitE4iLqaPWGnEvN
Static task: static1
Behavioral task: behavioral1
Sample: de15232955fd62ad0131e5480164f6d62e3569f041cbbc6d2adf6bf013aef13bN.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: de15232955fd62ad0131e5480164f6d62e3569f041cbbc6d2adf6bf013aef13bN.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: de15232955fd62ad0131e5480164f6d62e3569f041cbbc6d2adf6bf013aef13bN.exe (3.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- Banload: Banload is a downloader family. Its variants fetch additional malicious files, then install and execute them.
- Banload family
- Identifies VirtualBox via ACPI registry values (likely anti-VM): the sample reads ACPI table data that Windows exposes under HKLM\HARDWARE\ACPI. On a VirtualBox guest those entries carry a VBOX OEM identifier, so the lookup is a common guest-detection check used to avoid executing under analysis.
- Renames multiple (213) files with added filename extension: appending a new extension to a large number of files in one run is the trace ransomware leaves when it encrypts files in place. The rename count alone does not prove encryption, so confirm by checking the renamed files' contents (high entropy, missing original magic bytes) and looking for a dropped ransom note before classifying the sample as ransomware.
- Checks BIOS information in registry: firmware strings in the registry (under HKLM\HARDWARE\DESCRIPTION\System, for example SystemBiosVersion and VideoBiosVersion) name the hypervisor on many virtual machines, so malware reads them to detect sandboxes and then exit or change behaviour.
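The three behavioural signatures above (VirtualBox ACPI lookup, BIOS registry lookup, mass rename with an added extension) can be re-implemented as simple rules over a process event trace. The following is an added example, not code from the sandbox or from the sample; the registry paths it keys on (HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX*, HKLM\HARDWARE\DESCRIPTION\System values), the rename threshold of 50 and the event trace itself are assumptions constructed for the demonstration, chosen to mirror what the report describes.

```python
"""Added example, not part of the sandbox report: a small re-implementation
of the three behavioural heuristics the report fires, run over a constructed
in-memory event trace instead of a live sandbox.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable

# Registry locations the heuristics key on. These are the usual places the
# VirtualBox ACPI tables and the firmware strings show up; assumed for this
# example, not taken from the report.
ACPI_TABLE_KEYS = (
    r"HKLM\HARDWARE\ACPI\DSDT",
    r"HKLM\HARDWARE\ACPI\FADT",
    r"HKLM\HARDWARE\ACPI\RSDT",
)
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\SYSTEM"
BIOS_VALUE_NAMES = {"SYSTEMBIOSVERSION", "VIDEOBIOSVERSION", "SYSTEMBIOSDATE"}
# Minimum number of extension-adding renames by one process before the
# mass-rename heuristic fires. Assumed threshold; the report saw 213.
RENAME_THRESHOLD = 50


@dataclass(frozen=True)
class Event:
    pid: int
    kind: str          # "reg_query" or "file_rename"
    path: str          # registry key, or old file path for a rename
    detail: str = ""   # value name for reg_query, new file path for file_rename


def _norm(path: str) -> str:
    # Registry paths are case-insensitive; compare in upper case.
    return path.replace("/", "\\").rstrip("\\").upper()


def queries_vbox_acpi(ev: Event) -> bool:
    """True if the event reads an ACPI table key whose OEM id starts with VBOX."""
    if ev.kind != "reg_query":
        return False
    key = _norm(ev.path)
    for table in ACPI_TABLE_KEYS:
        prefix = _norm(table) + "\\"
        if key.startswith(prefix):
            first_sub = key[len(prefix):].split("\\", 1)[0]
            if first_sub.startswith("VBOX"):
                return True
    return False


def queries_bios_info(ev: Event) -> bool:
    """True if the event reads one of the firmware version/date values."""
    return (
        ev.kind == "reg_query"
        and _norm(ev.path) == BIOS_KEY
        and ev.detail.upper() in BIOS_VALUE_NAMES
    )


def adds_extension(old: str, new: str) -> bool:
    """True if new is old with one extra dotted suffix appended (same directory)."""
    if not new.startswith(old) or len(new) <= len(old) + 1:
        return False
    suffix = new[len(old):]
    return suffix[0] == "." and "\\" not in suffix and "/" not in suffix


def evaluate(events: Iterable[Event]) -> set[str]:
    """Return the set of signature names the trace triggers."""
    hits: set[str] = set()
    renames_per_pid: dict[int, int] = defaultdict(int)
    for ev in events:
        if queries_vbox_acpi(ev):
            hits.add("Identifies VirtualBox via ACPI registry values")
        if queries_bios_info(ev):
            hits.add("Checks BIOS information in registry")
        if ev.kind == "file_rename" and adds_extension(ev.path, ev.detail):
            renames_per_pid[ev.pid] += 1
    for n in renames_per_pid.values():
        if n >= RENAME_THRESHOLD:
            hits.add(f"Renames multiple ({n}) files with added filename extension")
    return hits


def build_sample_trace() -> list[Event]:
    """Constructed trace mirroring what the report describes (not real sandbox output)."""
    pid = 2480  # arbitrary
    trace = [
        Event(pid, "reg_query", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__", ""),
        Event(pid, "reg_query", r"HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
        Event(pid, "reg_query", r"HKLM\HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),
        # Benign-looking activity that must not count.
        Event(pid, "reg_query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion", "ProgramFilesDir"),
        Event(pid, "file_rename", r"C:\Users\victim\AppData\Local\Temp\dl.tmp",
              r"C:\Users\victim\AppData\Local\Temp\dl.exe"),
    ]
    for i in range(213):
        old = rf"C:\Users\victim\Documents\report{i:03d}.docx"
        trace.append(Event(pid, "file_rename", old, old + ".locked"))
    return trace


if __name__ == "__main__":
    for sig in sorted(evaluate(build_sample_trace())):
        print(sig)
```

The rename rule counts per process rather than per run, so a single mass-renaming process stands out while many unrelated processes each touching a few files do not trigger it; the extension check deliberately rejects replacements such as `.tmp` to `.exe`, which is the downloader's own staging behaviour rather than encryption.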