General
-
Target
tni.exe
-
Size
18.0MB
-
Sample
241213-h74t6atpaj
-
MD5
eae08904c3970d0159cd833b4d19c1ef
-
SHA1
2013978ecacbe7c12a296bd8278a8691e4850b3b
-
SHA256
2c4b6c01bdaeb1a5b18252fb2d34b5c9499c0bfa7465e714563f6a89d34cf235
-
SHA512
01ed22ab70c69728c74bb07eacc35ffa8dbd01d647f37c3bceccea7247ba78cc3522ccfc943a69a2194b7c29b0452ce74f0ca669ed08b6d395f5007830145194
-
SSDEEP
393216:wdb3FiCHHMEeBZIGlRq2IzD70XN0il34Tvy06AoVMnvz:MbVrs7TlNI37GfqTq0ro
Malware Config
Targets
-
-
Target
tni.exe
-
Size
18.0MB
-
MD5
eae08904c3970d0159cd833b4d19c1ef
-
SHA1
2013978ecacbe7c12a296bd8278a8691e4850b3b
-
SHA256
2c4b6c01bdaeb1a5b18252fb2d34b5c9499c0bfa7465e714563f6a89d34cf235
-
SHA512
01ed22ab70c69728c74bb07eacc35ffa8dbd01d647f37c3bceccea7247ba78cc3522ccfc943a69a2194b7c29b0452ce74f0ca669ed08b6d395f5007830145194
-
SSDEEP
393216:wdb3FiCHHMEeBZIGlRq2IzD70XN0il34Tvy06AoVMnvz:MbVrs7TlNI37GfqTq0ro
Score10/10-
Banload
Banload variants download malicious files, then install and execute the files.
-
Banload family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-