General
-
Target
3147cdf214d6ea10f730524989e5179c7e6299bd2bdc60cd4c651b0a10d98ae1.exe
-
Size
2.2MB
-
Sample
241219-h4ljeatrhs
-
MD5
664c1e089f7daabb50b054040b60ac8f
-
SHA1
d0fbf03fbc8c0a1209ff31ec522bf120d033f8d7
-
SHA256
3147cdf214d6ea10f730524989e5179c7e6299bd2bdc60cd4c651b0a10d98ae1
-
SHA512
cb7c26bf43f1452123eaf3f1e5ad9ae7f35810d5305ba270389822c0a8f726bf0c7e330f11a88860d5917c8faf5d3307ea6e834a66373f21d632973811e49a16
-
SSDEEP
49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEv30:RF8QUitE4iLqaPWGnEvk
Malware Config
Targets
-
-
Target
3147cdf214d6ea10f730524989e5179c7e6299bd2bdc60cd4c651b0a10d98ae1.exe
-
Size
2.2MB
-
MD5
664c1e089f7daabb50b054040b60ac8f
-
SHA1
d0fbf03fbc8c0a1209ff31ec522bf120d033f8d7
-
SHA256
3147cdf214d6ea10f730524989e5179c7e6299bd2bdc60cd4c651b0a10d98ae1
-
SHA512
cb7c26bf43f1452123eaf3f1e5ad9ae7f35810d5305ba270389822c0a8f726bf0c7e330f11a88860d5917c8faf5d3307ea6e834a66373f21d632973811e49a16
-
SSDEEP
49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEv30:RF8QUitE4iLqaPWGnEvk
Score10/10-
Banload
Banload variants download malicious files, then install and execute the files.
-
Banload family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Renames multiple (197) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-