General
-
Target
df71f6a029880bf5eaa547813e2d0a1af40e5d411cdcc7b7202f430d117e969c.exe
-
Size
4.8MB
-
Sample
241207-j85nhstqcy
-
MD5
e991437b9e887945bbb81eaedf64ed52
-
SHA1
f3da647360636af64be5bba43a569bf354649759
-
SHA256
df71f6a029880bf5eaa547813e2d0a1af40e5d411cdcc7b7202f430d117e969c
-
SHA512
f61cc3ecaa4bc85dd96cbde04e50a97fd26ced45d4ddf101fe9b119988b86a09a56d644146f7d87cf427f25c4c4d98e9711292602fdd8aa45bfc01b97c0c4edd
-
SSDEEP
98304:RF8QUitE4iLqaPWGnEvK7RkOEEo+A7mOk3oaCVA7m2l:RFQWEPnPBnEXE
Static task
static1
Behavioral task
behavioral1
Sample
df71f6a029880bf5eaa547813e2d0a1af40e5d411cdcc7b7202f430d117e969c.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
df71f6a029880bf5eaa547813e2d0a1af40e5d411cdcc7b7202f430d117e969c.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
df71f6a029880bf5eaa547813e2d0a1af40e5d411cdcc7b7202f430d117e969c.exe
-
Size
4.8MB
-
MD5
e991437b9e887945bbb81eaedf64ed52
-
SHA1
f3da647360636af64be5bba43a569bf354649759
-
SHA256
df71f6a029880bf5eaa547813e2d0a1af40e5d411cdcc7b7202f430d117e969c
-
SHA512
f61cc3ecaa4bc85dd96cbde04e50a97fd26ced45d4ddf101fe9b119988b86a09a56d644146f7d87cf427f25c4c4d98e9711292602fdd8aa45bfc01b97c0c4edd
-
SSDEEP
98304:RF8QUitE4iLqaPWGnEvK7RkOEEo+A7mOk3oaCVA7m2l:RFQWEPnPBnEXE
-
Banload
Banload variants download malicious files, then install and execute the files.
-
Banload family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Renames multiple (198) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-