General
-
Target
871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845
-
Size
3.9MB
-
Sample
241227-yblayaykfy
-
MD5
415fdd816519e04471cdb6e54f7e7f95
-
SHA1
94b06d48ec16ac9411433624d5aa8eb98973c7d3
-
SHA256
871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845
-
SHA512
d7ff3e9a834ccde1f7e44268533dc42abc6af4b933e39c8ba6f2406975a4e6a8c60161e5a4b529fdcf87213b05827bc3b1789b65b977c8791151acc769e91d9a
-
SSDEEP
98304:RF8QUitE4iLqaPWGnEvK7RkOEEo+A7mOkO:RFQWEPnPBnEX3
Malware Config
Targets
-
-
Target
871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845
-
Size
3.9MB
-
MD5
415fdd816519e04471cdb6e54f7e7f95
-
SHA1
94b06d48ec16ac9411433624d5aa8eb98973c7d3
-
SHA256
871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845
-
SHA512
d7ff3e9a834ccde1f7e44268533dc42abc6af4b933e39c8ba6f2406975a4e6a8c60161e5a4b529fdcf87213b05827bc3b1789b65b977c8791151acc769e91d9a
-
SSDEEP
98304:RF8QUitE4iLqaPWGnEvK7RkOEEo+A7mOkO:RFQWEPnPBnEX3
Score10/10-
Banload
Banload variants download malicious files, then install and execute the files.
-
Banload family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Renames multiple (175) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-