General
-
Target
996f0d21dc51c9079500382e1323af4588b3f7e0e0559d35a9ea3c16ee410535
-
Size
3.5MB
-
Sample
241227-yj8ffaypam
-
MD5
12d9b6e676211158f5a0f0352f108087
-
SHA1
6d7d4fccd243430580ff1c0150037b8a99a12937
-
SHA256
996f0d21dc51c9079500382e1323af4588b3f7e0e0559d35a9ea3c16ee410535
-
SHA512
2bfc9e85ef842b2b649ea61f18af140682aefe2111273507a1730b917704dd1934895296d7c9045865114e292691c7e5c9b107677a7892883412e9942b88c54d
-
SSDEEP
49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVPYOKQrgCGMxu3fFne4j4ZXum7Y:RF8QUitE4iLqaPWGnEv+OKQr8MAvFrMY
Malware Config
Targets
-
-
Target
996f0d21dc51c9079500382e1323af4588b3f7e0e0559d35a9ea3c16ee410535
-
Size
3.5MB
-
MD5
12d9b6e676211158f5a0f0352f108087
-
SHA1
6d7d4fccd243430580ff1c0150037b8a99a12937
-
SHA256
996f0d21dc51c9079500382e1323af4588b3f7e0e0559d35a9ea3c16ee410535
-
SHA512
2bfc9e85ef842b2b649ea61f18af140682aefe2111273507a1730b917704dd1934895296d7c9045865114e292691c7e5c9b107677a7892883412e9942b88c54d
-
SSDEEP
49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVPYOKQrgCGMxu3fFne4j4ZXum7Y:RF8QUitE4iLqaPWGnEv+OKQr8MAvFrMY
Score10/10-
Banload
Banload variants download malicious files, then install and execute the files.
-
Banload family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Renames multiple (184) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-