General
Target: 72c5512cf8937d76a5d9e0aa9985fdf07a59e9bb582454779245c8716dd6675e
Size: 5.7MB
Sample: 241227-ytmaysyqhp
MD5: 8ecd0b2213473f6e093149672f129b81
SHA1: d3d6696668b10a68a84f77ec13e6faf9b1fb093e
SHA256: 72c5512cf8937d76a5d9e0aa9985fdf07a59e9bb582454779245c8716dd6675e
SHA512: a0e98369b0d00223e186d2f2e7e1971339289a28ccbe6511ba3cd0782bafd0af89bec64fa2f63b5ba8ce66d723887a58a1d0bc5008b24f86539c9a52c73e8cf7
SSDEEP: 98304:RF8QUitE4iLqaPWGnEvK7RkOEEo+A7mOkooq2Vjnmn:RFQWEPnPBnEXNGnM
Static task: static1
Behavioral task: behavioral1
Sample: 72c5512cf8937d76a5d9e0aa9985fdf07a59e9bb582454779245c8716dd6675e.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 72c5512cf8937d76a5d9e0aa9985fdf07a59e9bb582454779245c8716dd6675e.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 72c5512cf8937d76a5d9e0aa9985fdf07a59e9bb582454779245c8716dd6675e
- Banload: Banload variants download malicious files, then install and execute the files.
- Banload family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Renames multiple (130) files with added filename extension: this suggests ransomware activity, encrypting all the files on the system.
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.