General
Target: 89eef529153c95944a83b90eef7ead1489d9298a5acd2e37c98c5a9640657e8fN.exe
Size: 2.2MB
Sample: 241219-g6l3aasmaz
MD5: 02499a163b7d7ce0c75c02d6cf197270
SHA1: 3c73a79f62848a7d351583f5c6efdb3126552e3d
SHA256: 89eef529153c95944a83b90eef7ead1489d9298a5acd2e37c98c5a9640657e8f
SHA512: b01afc016f094d23551bf3e8c5e02874d3d7f56bf48f3bf960f4e56760c90f2098fd612f2c8fde0e004727bcb85cdefa23abf98171fcf35276d4179a58521b06
SSDEEP: 49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEv3M:RF8QUitE4iLqaPWGnEv8
Static task: static1
Behavioral task: behavioral1
  Sample: 89eef529153c95944a83b90eef7ead1489d9298a5acd2e37c98c5a9640657e8fN.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 89eef529153c95944a83b90eef7ead1489d9298a5acd2e37c98c5a9640657e8fN.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 89eef529153c95944a83b90eef7ead1489d9298a5acd2e37c98c5a9640657e8fN.exe
- Banload: Banload variants download malicious files, then install and execute them.
- Banload family
- Identifies VirtualBox via ACPI registry values (likely anti-VM): the ACPI table entries Windows exposes in the registry carry VirtualBox-specific identifiers, so reading them is a common virtual-machine check.
- Renames multiple (223) files with added filename extension: consistent with ransomware behaviour, where files across the system are encrypted and an extension is appended to each.
- Checks BIOS information in registry: BIOS strings in the registry are often read to detect sandbox or virtualized environments.