General
Target: 694f0b5f02a40b7678ada6f1fbc223e4b0f6d7255146089973506c2fec7df414
Size: 2.7MB
Sample: 250102-afpxxstrfj
MD5: 42f061bafdb03901e4936f82634d89a9
SHA1: 571a8dc91115d9d18329e9d7650107a157ffdc79
SHA256: 694f0b5f02a40b7678ada6f1fbc223e4b0f6d7255146089973506c2fec7df414
SHA512: 254e73edd8467f3797f915bd0c1186281c314dbb3ec6005ae6af99cabd9115b0bc06f63fbf77c53d6d87fa548fc924d3be3ea28a9de028195dea97cd631b7415
SSDEEP: 49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVCMu7hp4:RF8QUitE4iLqaPWGnEvgMJ
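As an added example (not part of the sandbox report), a Python check that recomputes the hashes of a local copy of the sample and compares them against the values listed above. The digests are copied from this report; the file path is supplied on the command line, and `hash_file` streams the file so a 2.7MB (or much larger) sample is never read into memory at once. SSDEEP is not recomputed here because it needs a third-party library.

```python
"""Verify a local file against the hash values published in this report."""
import hashlib

# Hash values copied from the General section of this report.
REPORT_HASHES = {
    "md5": "42f061bafdb03901e4936f82634d89a9",
    "sha1": "571a8dc91115d9d18329e9d7650107a157ffdc79",
    "sha256": "694f0b5f02a40b7678ada6f1fbc223e4b0f6d7255146089973506c2fec7df414",
    "sha512": (
        "254e73edd8467f3797f915bd0c1186281c314dbb3ec6005ae6af99cabd9115b0"
        "bc06f63fbf77c53d6d87fa548fc924d3be3ea28a9de028195dea97cd631b7415"
    ),
}


def compute_hashes(data: bytes) -> dict:
    """Hash an in-memory blob with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashers in a single pass."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_report(actual: dict, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm comparison. A partial match (say MD5 only) is itself worth a look."""
    return {
        name: actual.get(name, "").lower() == digest.lower()
        for name, digest in expected.items()
    }


def is_reported_sample(actual: dict) -> bool:
    """True only when every digest the report lists matches."""
    return all(match_report(actual).values())


if __name__ == "__main__":
    import sys

    digests = hash_file(sys.argv[1])
    for name, ok in match_report(digests).items():
        print(f"{name:6} {digests[name]}  {'MATCH' if ok else 'differs'}")
    print("identified as reported sample" if is_reported_sample(digests)
          else "not the reported sample")
```

Comparing all four digests rather than stopping at the first match is deliberate: an MD5 or SHA1 hit with a SHA256 mismatch indicates either a transcription error in the IOC or a deliberately colliding file, and both deserve attention before the sample is treated as the one analysed here.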
Static task: static1
Behavioral task: behavioral1
Sample: 694f0b5f02a40b7678ada6f1fbc223e4b0f6d7255146089973506c2fec7df414.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 694f0b5f02a40b7678ada6f1fbc223e4b0f6d7255146089973506c2fec7df414.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
694f0b5f02a40b7678ada6f1fbc223e4b0f6d7255146089973506c2fec7df414.exe (size and hashes as listed under General)
-
Banload
Banload variants download additional malicious files, then install and execute them.
-
Banload family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
VirtualBox populates the ACPI table entries under HKLM\HARDWARE\ACPI with VBOX__ names; reading them is a common VM-detection check.
-
Renames multiple (229) files with added filename extension
Mass renames that append an extension are the typical footprint of ransomware encrypting files; the count is the 229 files the sandbox observed, not evidence that every file on the system was affected.
-
Checks BIOS information in registry
BIOS information is often read from the registry to detect sandbox environments.
-
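To show what the three behavioural hits above actually key on, here is an added Python example (my own illustration, not the sandbox's signature engine) that scans a constructed event log of registry reads and file renames and raises the same three flags. The registry paths it looks for (VirtualBox's `VBOX__` ACPI table entries under `HKLM\HARDWARE\ACPI`, and the `SystemBiosVersion`, `VideoBiosVersion`, `SystemManufacturer` and `SystemProductName` values under `HKLM\HARDWARE\DESCRIPTION\System`), the event tuple format and the rename threshold of 100 are assumptions; the report does not say which values this sample read or what threshold the sandbox applies.

```python
"""Re-derive the report's anti-VM, BIOS-check and mass-rename signatures from events."""
import re

# Assumed registry targets (the report names the behaviours, not the exact values read).
VBOX_ACPI_RE = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT|SSDT)\\VBOX__", re.IGNORECASE)
BIOS_RE = re.compile(
    r"\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?\\"
    r"(SystemBiosVersion|VideoBiosVersion|SystemManufacturer|SystemProductName)$",
    re.IGNORECASE,
)
MASS_RENAME_THRESHOLD = 100  # hypothetical cut-off; the sample above renamed 229 files


def added_extension(src: str, dst: str) -> bool:
    """True when dst == src + '.<ext>': the original name survives with an extra suffix."""
    return dst.startswith(src + ".") and len(dst) > len(src) + 1


def evaluate(events):
    """events: iterable of ('regread', path) or ('rename', src, dst) tuples."""
    vbox = bios = False
    renamed = 0
    for kind, *args in events:
        if kind == "regread":
            (path,) = args
            vbox = vbox or bool(VBOX_ACPI_RE.search(path))
            bios = bios or bool(BIOS_RE.search(path))
        elif kind == "rename":
            src, dst = args
            if added_extension(src, dst):
                renamed += 1
    return {
        "vbox_acpi": vbox,
        "bios_check": bios,
        "renamed_with_added_extension": renamed,
        "mass_rename": renamed >= MASS_RENAME_THRESHOLD,
    }


# Constructed event log standing in for a sandbox trace; not taken from the report.
SAMPLE_EVENTS = [
    ("regread", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
    ("regread", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    ("regread", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),  # unrelated read
    ("rename", r"C:\Users\user\Desktop\notes.txt",
     r"C:\Users\user\Desktop\other.txt"),  # plain rename, no added extension
] + [
    ("rename", rf"C:\Users\user\Documents\file{i}.docx",
     rf"C:\Users\user\Documents\file{i}.docx.locked")
    for i in range(229)
]

# Constructed benign trace: an ordinary registry read and a temp-file rename.
BENIGN_EVENTS = [
    ("regread", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"),
    ("rename", r"C:\tmp\a.tmp", r"C:\tmp\a.log"),
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_EVENTS))
    print(evaluate(BENIGN_EVENTS))
```

The rename test is stricter than "extension changed": it only counts a file whose original name is preserved and gets a new suffix appended, which separates encryptor-style renames from ordinary save-and-replace behaviour (`a.tmp` becoming `a.log` does not count). The two registry checks are independent, which matches the report listing them as two separate signature hits.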