General
Target: 895f4f87426d17b92e8e2d9ec2b4f13eb9040cbec54c1e1b6b75d847e6fa0ffa
Size: 3.6MB
Sample: 241227-x7c4rsykbw
MD5: f316bd28d43accb063c055c9530861bc
SHA1: aa8bc6ac4c7e526000950ac414d986842c3137bd
SHA256: 895f4f87426d17b92e8e2d9ec2b4f13eb9040cbec54c1e1b6b75d847e6fa0ffa
SHA512: b09b104e2fa404a48bc4846c40295806dce3221e15c13f6fd3ed76ebdd1c472d44ab25b82b52ba126b33d90898cde5ccdb09be2d9ef5264a4ec5071ef84562d8
SSDEEP: 49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvV8u/kUHHklZ77SFQJIUe:RF8QUitE4iLqaPWGnEvS9Ejv
Static task: static1
Behavioral task: behavioral1
  Sample: 895f4f87426d17b92e8e2d9ec2b4f13eb9040cbec54c1e1b6b75d847e6fa0ffa.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 895f4f87426d17b92e8e2d9ec2b4f13eb9040cbec54c1e1b6b75d847e6fa0ffa.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
- Banload: Banload variants download malicious files, then install and execute the files.
- Banload family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Renames multiple (187) files with added filename extension: this suggests ransomware activity, encrypting all the files on the system.
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.