Overview

overview

10

Static

static

3

8aa50f7938...41.exe

windows7-x64

10

8aa50f7938...41.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8aa50f7938c30c4fe342eda08f87ab836c47a9812eb939e765fae3be39d4bc41

  • Size

    4.0MB

  • Sample

    241227-x6h9dsyldl

  • MD5

    70713908aec9c29229f4788ca59a3c4b

  • SHA1

    aa7787907294ba39e014a17b2d243d9c8f5ab95e

  • SHA256

    8aa50f7938c30c4fe342eda08f87ab836c47a9812eb939e765fae3be39d4bc41

  • SHA512

    247972561c472be3a910b23f741bee876f330b5bb48df6dbd85b092a3e5631747d33c01eac83fefe3d93d81e41b6c1e3d3db6f97474a34f848d4b9b267e3a2aa

  • SSDEEP

    98304:RF8QUitE4iLqaPWGnEvK7RkOEEo+A7mOk+I:RFQWEPnPBnEXxI

Score
10/10
banloaddiscoverydownloaderdropperevasionransomwaretrojan

Malware Config

Targets

    • Target

      8aa50f7938c30c4fe342eda08f87ab836c47a9812eb939e765fae3be39d4bc41

    • Size

      4.0MB

    • MD5

      70713908aec9c29229f4788ca59a3c4b

    • SHA1

      aa7787907294ba39e014a17b2d243d9c8f5ab95e

    • SHA256

      8aa50f7938c30c4fe342eda08f87ab836c47a9812eb939e765fae3be39d4bc41

    • SHA512

      247972561c472be3a910b23f741bee876f330b5bb48df6dbd85b092a3e5631747d33c01eac83fefe3d93d81e41b6c1e3d3db6f97474a34f848d4b9b267e3a2aa

    • SSDEEP

      98304:RF8QUitE4iLqaPWGnEvK7RkOEEo+A7mOk+I:RFQWEPnPBnEXxI

    Score
    10/10
    banloaddiscoverydownloaderdropperevasionransomwaretrojan

    • Banload

      Banload variants download malicious files, then install and execute the files.

      trojandropperdownloaderbanload

    • Banload family

      banload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Renames multiple (169) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks