General

Target: b80f9c5be3caf9cd0ea280c000826349ca6b551937137ed8620986d9fd688058.exe
Size: 2.3MB
Sample: 241219-bqyhgszrdx
MD5: c614d31ed168c52e463ccfa182cc0c52
SHA1: cd9ecc6b4dbb93639ccac6f6437c95d6dbe2804f
SHA256: b80f9c5be3caf9cd0ea280c000826349ca6b551937137ed8620986d9fd688058
SHA512: 8f2029b595811e4f965b2fe88e7c5e889a1e61bdec08f739e2b974670237f5a92054b8e5a8b3016f5be4d1b6d4136711d9b2b10727c2218644fc7b573ae9f861
SSDEEP: 49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEv3xP:RF8QUitE4iLqaPWGnEvZ
Static task: static1

Behavioral task: behavioral1
  Sample: b80f9c5be3caf9cd0ea280c000826349ca6b551937137ed8620986d9fd688058.exe
  Resource: win7-20241010-en

Behavioral task: behavioral2
  Sample: b80f9c5be3caf9cd0ea280c000826349ca6b551937137ed8620986d9fd688058.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets

Target: b80f9c5be3caf9cd0ea280c000826349ca6b551937137ed8620986d9fd688058.exe
Size: 2.3MB
MD5: c614d31ed168c52e463ccfa182cc0c52
SHA1: cd9ecc6b4dbb93639ccac6f6437c95d6dbe2804f
SHA256: b80f9c5be3caf9cd0ea280c000826349ca6b551937137ed8620986d9fd688058
SHA512: 8f2029b595811e4f965b2fe88e7c5e889a1e61bdec08f739e2b974670237f5a92054b8e5a8b3016f5be4d1b6d4136711d9b2b10727c2218644fc7b573ae9f861
SSDEEP: 49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEv3xP:RF8QUitE4iLqaPWGnEvZ
- Banload
  Banload variants download malicious files, then install and execute them.
- Banload family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  Reading the ACPI table keys under HKLM\HARDWARE\ACPI is a common way to spot hypervisor-specific table names; a sample that does this before its main payload runs may behave differently inside a VM than on a physical host.
- Renames multiple (196) files with an added filename extension
  Appending an extension to many user files in one run is the file-rename pattern ransomware leaves behind when it encrypts files. The rename count alone does not prove the contents were encrypted; confirm by comparing file contents or entropy before and after the renames.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments, since sandbox and VM BIOS strings frequently identify the virtualization product.
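The three behavioural signatures above (ACPI registry values, BIOS registry reads, bulk renames with an appended extension) can be reproduced as simple heuristics over a sandbox event log. The block below is an added example written for this page; it is not code from the sandbox vendor or from the report. The registry key patterns (the VBOX__ ACPI table key, the SystemBiosVersion and VideoBiosVersion values), the event tuple format, the 50-rename threshold and the sample events are all assumptions constructed for illustration; only the three signature names and the 196-file count come from the report.

```python
"""Heuristics mirroring the report's behavioural signatures, run over a
constructed sandbox event log. Events are (kind, path, new_path) tuples:
kind is 'RegOpenKey', 'RegQueryValue' or 'FileRename'; new_path is only
set for renames. This is an illustrative example, not vendor code."""
import re
from collections import Counter

# Registry paths commonly associated with VM detection. The ACPI table
# names (VBOX, VMW, QEMU, BOCHS, XEN) and the BIOS value names are assumed
# from general knowledge of Windows and common hypervisors, not from the
# report itself.
ACPI_VM_KEY = re.compile(
    r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT|SSDT)\\(VBOX|VMW|QEMU|BOCHS|XEN)",
    re.IGNORECASE,
)
BIOS_KEY = re.compile(
    r"\\HARDWARE\\DESCRIPTION\\System\\("
    r"SystemBiosVersion|SystemBiosDate|VideoBiosVersion|VideoBiosDate|BIOS\\)",
    re.IGNORECASE,
)


def classify_registry_access(path):
    """Return 'anti-vm', 'bios-check' or None for a single registry path."""
    if ACPI_VM_KEY.search(path):
        return "anti-vm"
    if BIOS_KEY.search(path):
        return "bios-check"
    return None


def appended_extension(src, dst):
    """If dst is src with one extra extension appended (a.docx -> a.docx.locked),
    return that extension, otherwise None. Replacing the extension or moving
    the file to another directory does not count as an appended extension."""
    if not dst.startswith(src):
        return None
    tail = dst[len(src):]
    if len(tail) > 1 and tail.startswith(".") and "\\" not in tail and "/" not in tail:
        return tail
    return None


def evaluate(events, rename_threshold=50):
    """Run the three heuristics over the event list and return the signatures
    that fired, with the registry paths or rename statistics that support them."""
    registry_hits = {"anti-vm": [], "bios-check": []}
    extensions = Counter()
    for kind, path, new_path in events:
        if kind in ("RegOpenKey", "RegQueryValue"):
            label = classify_registry_access(path)
            if label:
                registry_hits[label].append(path)
        elif kind == "FileRename" and new_path:
            ext = appended_extension(path, new_path)
            if ext:
                extensions[ext] += 1
    findings = {}
    for label, paths in registry_hits.items():
        if paths:
            findings[label] = paths
    renames = sum(extensions.values())
    if renames >= rename_threshold:
        findings["mass-rename"] = {"count": renames, "extensions": dict(extensions)}
    return findings


def constructed_events(n_renamed=196):
    """Constructed sample log (not taken from the report): a few registry
    probes, two renames that must not count, then n_renamed renames that
    append '.locked' to documents."""
    events = [
        ("RegOpenKey", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__", None),
        ("RegQueryValue", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion", None),
        ("RegQueryValue", r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion", None),
        ("RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", None),
        ("FileRename", r"C:\Users\user\a.txt", r"C:\Users\user\a.bak"),      # extension replaced
        ("FileRename", r"C:\Users\user\b.txt", r"C:\Users\user\old\b.txt"),  # moved, not renamed
    ]
    for i in range(n_renamed):
        src = rf"C:\Users\user\Documents\file{i}.docx"
        events.append(("FileRename", src, src + ".locked"))
    return events


if __name__ == "__main__":
    for name, detail in evaluate(constructed_events()).items():
        print(name, detail)
```

The rename threshold is a tuning knob: a legitimate backup or archiving tool can also append an extension to many files, so in a production rule the count would be combined with the other findings (registry probes first, then bulk renames from the same process) rather than used on its own.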