General
Target: 871801352c3007a3b7e6bbee8b6d14617ef224ef6cd4cdc4c9129bfe076be2a3
Size: 3.0MB
Sample: 241227-yaqt2aymbk
MD5: acec99a04190e0983df5d2348bedb173
SHA1: 0e3f4d2ede8d1861048db044edccdf44b728da37
SHA256: 871801352c3007a3b7e6bbee8b6d14617ef224ef6cd4cdc4c9129bfe076be2a3
SHA512: 1bfc447a5cc10f9e46c4c65c38307ff10a8ad72f48fa4bbd091102c8b987f276f49241b7c5d98298a76ae436901d2111be90593cf844ca823f7d8314d24dbf00
SSDEEP: 49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvV8u/kUHHkNJIyJ:RF8QUitE4iLqaPWGnEvS9EwIyJ
Static task
static1
Behavioral task
behavioral1
Sample
871801352c3007a3b7e6bbee8b6d14617ef224ef6cd4cdc4c9129bfe076be2a3.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
871801352c3007a3b7e6bbee8b6d14617ef224ef6cd4cdc4c9129bfe076be2a3.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Banload
Banload variants download malicious files, then install and execute the files.
-
Banload family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Renames multiple (195) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-