General
- Target: 7a864df50615c0db2bf24cc59f14fe1c4702d930af6e5db496ef5c5263d5f512
- Size: 3.8MB
- Sample: 241227-yjdaasyngp
- MD5: 0b4ddc7001a82f402b7f8077b2bbfa2e
- SHA1: c34fbd79bda7787e6b490bb025eb12f08730a897
- SHA256: 7a864df50615c0db2bf24cc59f14fe1c4702d930af6e5db496ef5c5263d5f512
- SHA512: dd8c69f345e31b68ace8ad6b3ce89748dd2e1549e45ab5f0478d44b43df22c61e41d7eb2021670c1a8d9ea8a90d1d40d08ba521c32c749604bb8adceebcce54e
- SSDEEP: 98304:RF8QUitE4iLqaPWGnEvK7RkOEEo+A7mOkp:RFQWEPnPBnEXQ
Static task: static1
Behavioral task: behavioral1
- Sample: 7a864df50615c0db2bf24cc59f14fe1c4702d930af6e5db496ef5c5263d5f512.exe
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 7a864df50615c0db2bf24cc59f14fe1c4702d930af6e5db496ef5c5263d5f512.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 7a864df50615c0db2bf24cc59f14fe1c4702d930af6e5db496ef5c5263d5f512
- Size: 3.8MB
- MD5: 0b4ddc7001a82f402b7f8077b2bbfa2e
- SHA1: c34fbd79bda7787e6b490bb025eb12f08730a897
- SHA256: 7a864df50615c0db2bf24cc59f14fe1c4702d930af6e5db496ef5c5263d5f512
- SHA512: dd8c69f345e31b68ace8ad6b3ce89748dd2e1549e45ab5f0478d44b43df22c61e41d7eb2021670c1a8d9ea8a90d1d40d08ba521c32c749604bb8adceebcce54e
- SSDEEP: 98304:RF8QUitE4iLqaPWGnEvK7RkOEEo+A7mOkp:RFQWEPnPBnEXQ
- Banload: Banload variants download malicious files, then install and execute the files.
- Banload family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Renames multiple (187) files with added filename extension: this suggests ransomware activity of encrypting all the files on the system.
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.