General
-
Target
01e2b85bb4bdb685155af06dcbe13f168aab9668d449cbdc1c1de8c40098cf79N.exe
-
Size
3.1MB
-
Sample
250103-rzv2qasjgn
-
MD5
428e0d6ee146e85a0b84c02390932cf0
-
SHA1
ce4b98957be9996c0f39dcf9ee576dce4d763d6a
-
SHA256
01e2b85bb4bdb685155af06dcbe13f168aab9668d449cbdc1c1de8c40098cf79
-
SHA512
6a01d8d61e8e27f7ff611cbcfdc7971a01cab383c8a88ac3b0dbdff3ff4fb1210ca9b41c9a67c9cf83eb8c7680c66199e23c30cc7e626fc3cbec546150851431
-
SSDEEP
49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVCUkULRvp:RF8QUitE4iLqaPWGnEvcUkUtx
Static task
static1
Behavioral task
behavioral1
Sample
01e2b85bb4bdb685155af06dcbe13f168aab9668d449cbdc1c1de8c40098cf79N.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
01e2b85bb4bdb685155af06dcbe13f168aab9668d449cbdc1c1de8c40098cf79N.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
01e2b85bb4bdb685155af06dcbe13f168aab9668d449cbdc1c1de8c40098cf79N.exe
-
Banload
Banload variants are downloaders: they fetch additional malicious payloads from a remote host, then install and execute them on the victim machine.
-
Banload family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
The subkeys under HKLM\HARDWARE\ACPI\DSDT, FADT and RSDT are named after the OEM ID of the corresponding ACPI table; on a VirtualBox guest that ID is VBOX__, so enumerating these keys is a cheap way to tell a VirtualBox guest from physical hardware.
-
Renames multiple (180) files with added filename extension
Appending an extension to many files in quick succession is the renaming pattern of ransomware encrypting user data. A rename alone does not prove the contents were encrypted: confirm by checking the entropy or headers of the renamed files, and look for a dropped ransom note.
-
Checks BIOS information in registry
The BIOS strings under HKLM\HARDWARE\DESCRIPTION\System (SystemBiosVersion, VideoBiosVersion) and its BIOS subkey (SystemManufacturer, SystemProductName, BIOSVendor) carry vendor names such as VBOX, VMware or QEMU on a virtual machine, so malware reads them to detect sandboxes and analysis VMs.
-
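To see what the two anti-VM signatures above (the ACPI registry check and the BIOS information check) actually look for, the following is an added example, not code from the report or from the sample: it walks the same HKLM keys, matches the vendor strings a sandbox-evasion routine typically tests, and returns a verdict. The registry snapshots are constructed approximations of a default VirtualBox guest and of a Dell laptop, not data captured from this sample's run; the marker list and the thresholds are assumptions for illustration.

```python
"""Registry-based hypervisor fingerprinting, the checks behind the two anti-VM signatures."""

# HKLM-relative keys the checks read. The ACPI subkey names carry the ACPI table
# OEM ID (VirtualBox: "VBOX__"); the DESCRIPTION keys hold BIOS vendor strings.
ACPI_KEYS = (r"HARDWARE\ACPI\DSDT", r"HARDWARE\ACPI\FADT", r"HARDWARE\ACPI\RSDT")
BIOS_KEYS = (r"HARDWARE\DESCRIPTION\System", r"HARDWARE\DESCRIPTION\System\BIOS")

# Case-insensitive substrings an evasion routine typically tests (assumed list).
# Kept narrow on purpose: "Microsoft Corporation" alone would also flag Surface hardware.
VM_MARKERS = {
    "VirtualBox": ("VBOX", "VIRTUALBOX", "INNOTEK"),
    "VMware": ("VMWARE",),
    "Hyper-V": ("VIRTUAL MACHINE",),
    "QEMU/KVM": ("QEMU", "BOCHS"),
    "Xen": ("XEN",),
}


def _strings(data):
    """Flatten a registry value (REG_SZ str or REG_MULTI_SZ list) to a list of strings."""
    if isinstance(data, (list, tuple)):
        return [str(x) for x in data]
    return [str(data)]


def _match(text, where):
    """Every hypervisor whose marker appears in `text`, tagged with where it was read."""
    up = text.upper()
    return [(hv, where, text) for hv, markers in VM_MARKERS.items()
            if any(m in up for m in markers)]


def scan_snapshot(snapshot):
    """Return [(hypervisor, key_or_value, evidence)] for every VM marker found.

    `snapshot` maps an HKLM-relative key path to {"subkeys": [...], "values": {...}}.
    """
    findings = []
    for key in ACPI_KEYS:                       # subkey names = ACPI OEM IDs
        for name in snapshot.get(key, {}).get("subkeys", []):
            findings.extend(_match(name, key))
    for key in BIOS_KEYS:                       # value data = BIOS vendor strings
        for vname, data in snapshot.get(key, {}).get("values", {}).items():
            for s in _strings(data):
                findings.extend(_match(s, f"{key}\\{vname}"))
    return findings


def detect_hypervisor(snapshot):
    """Majority vote over the findings; None when nothing VM-specific is present."""
    votes = {}
    for hv, _, _ in scan_snapshot(snapshot):
        votes[hv] = votes.get(hv, 0) + 1
    return max(votes, key=votes.get) if votes else None


def live_snapshot():
    """Read the same keys from the local registry (Windows only; raises ImportError elsewhere)."""
    import winreg
    snap = {}
    for key in ACPI_KEYS + BIOS_KEYS:
        entry = {"subkeys": [], "values": {}}
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as h:
                i = 0
                while True:                     # EnumKey raises OSError past the last subkey
                    try:
                        entry["subkeys"].append(winreg.EnumKey(h, i)); i += 1
                    except OSError:
                        break
                i = 0
                while True:                     # EnumValue likewise for values
                    try:
                        name, data, _ = winreg.EnumValue(h, i); entry["values"][name] = data; i += 1
                    except OSError:
                        break
        except OSError:
            continue
        snap[key] = entry
    return snap


# Constructed snapshot approximating a default VirtualBox guest (not captured from this sample).
VBOX_SNAPSHOT = {
    r"HARDWARE\ACPI\DSDT": {"subkeys": ["VBOX__"]},
    r"HARDWARE\ACPI\FADT": {"subkeys": ["VBOX__"]},
    r"HARDWARE\ACPI\RSDT": {"subkeys": ["VBOX__"]},
    r"HARDWARE\DESCRIPTION\System": {"values": {
        "SystemBiosVersion": ["VBOX   - 1"],
        "VideoBiosVersion": ["Oracle VM VirtualBox VGA BIOS"]}},
    r"HARDWARE\DESCRIPTION\System\BIOS": {"values": {
        "BIOSVendor": "innotek GmbH",
        "SystemManufacturer": "innotek GmbH",
        "SystemProductName": "VirtualBox"}},
}
# Constructed snapshot of a physical Dell laptop, for contrast.
BARE_METAL_SNAPSHOT = {
    r"HARDWARE\ACPI\DSDT": {"subkeys": ["DELL__"]},
    r"HARDWARE\DESCRIPTION\System\BIOS": {"values": {
        "BIOSVendor": "Dell Inc.", "SystemManufacturer": "Dell Inc.",
        "SystemProductName": "Latitude 7420"}},
}

if __name__ == "__main__":
    for hv, where, evidence in scan_snapshot(VBOX_SNAPSHOT):
        print(f"{hv:11} {where}: {evidence!r}")
    print("verdict:", detect_hypervisor(VBOX_SNAPSHOT))
```

Run on a sandbox guest, `live_snapshot()` lists exactly the strings that give the VM away; the usual hardening is to rename those ACPI OEM IDs and BIOS strings at the hypervisor level rather than to patch the guest registry, which some samples cross-check against CPUID and device names.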
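The "renames multiple (180) files with added filename extension" signature is a heuristic, so the following added example (not code from the report or the sample) shows the detection logic as a triage script: it groups rename events by appended extension, flags a burst dominated by one extension, and then applies the caveat from the signature text by measuring the entropy of a renamed file's contents. The events, file contents, thresholds (50 files, 80% share, entropy 7.5 bits/byte) and the `.locked` extension are all constructed assumptions, not observations from this run.

```python
"""Mass-rename detection with an entropy check, run over constructed sandbox events."""
import hashlib
import math
from collections import Counter


def appended_extension(src, dst):
    """Return the extension appended to `src` if `dst` is `src` + ".<ext>", else None.

    A replaced extension (x.docx -> x.pdf) or a move to another directory does not count.
    """
    if not dst.startswith(src + "."):
        return None
    tail = dst[len(src) + 1:]
    if not tail or "\\" in tail or "/" in tail:
        return None
    return tail


def rename_summary(events, min_files=50, min_share=0.8):
    """Group rename events by appended extension; flag when one extension dominates."""
    ext_counts, total = Counter(), 0
    for ev in events:
        if ev.get("op") != "rename":
            continue
        total += 1
        ext = appended_extension(ev["src"], ev["dst"])
        if ext:
            ext_counts[ext] += 1
    if not ext_counts:
        return {"suspicious": False, "extension": None, "count": 0, "total_renames": total}
    ext, n = ext_counts.most_common(1)[0]
    return {"suspicious": n >= min_files and n / total >= min_share,
            "extension": ext, "count": n, "total_renames": total}


def shannon_entropy(data):
    """Bits per byte; near 8.0 for ciphertext or compressed data, well below for documents."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data, threshold=7.5):
    return shannon_entropy(data) >= threshold


def verdict(events, sample_after_rename):
    """Combine the rename pattern with the contents of one renamed file."""
    s = rename_summary(events)
    if not s["suspicious"]:
        return "no mass-rename pattern"
    if looks_encrypted(sample_after_rename):
        return f"mass rename to .{s['extension']} with high-entropy contents: consistent with encryption"
    return f"mass rename to .{s['extension']} but contents still low-entropy: rename-only, verify before calling it encryption"


def _constructed_events():
    """Constructed trace: 180 document renames plus benign noise an installer or log rotation would produce."""
    docs = [rf"C:\Users\victim\Documents\report_{i:03d}.docx" for i in range(180)]
    events = [{"op": "rename", "src": p, "dst": p + ".locked"} for p in docs]
    events += [
        {"op": "rename", "src": r"C:\Temp\setup.tmp", "dst": r"C:\Temp\setup.exe"},
        {"op": "rename", "src": r"C:\Logs\app.log", "dst": r"C:\Logs\app.log.1"},
        {"op": "create", "path": r"C:\Users\victim\Desktop\README_DECRYPT.txt"},
    ]
    return events


EVENTS = _constructed_events()
# Constructed file contents: a repetitive document, and deterministic pseudo-random
# bytes (SHA-256 of a counter) standing in for ciphertext.
PLAINTEXT_SAMPLE = b"Quarterly revenue report, draft 3. Totals below.\n" * 200
ENCRYPTED_LIKE_SAMPLE = b"".join(hashlib.sha256(str(i).encode()).digest() for i in range(256))

if __name__ == "__main__":
    print(rename_summary(EVENTS))
    print(f"plaintext entropy  {shannon_entropy(PLAINTEXT_SAMPLE):.2f}")
    print(f"ciphertext entropy {shannon_entropy(ENCRYPTED_LIKE_SAMPLE):.2f}")
    print(verdict(EVENTS, ENCRYPTED_LIKE_SAMPLE))
```

The share threshold matters more than the raw count: installers and backup tools also rename hundreds of files, but they do not push nearly all of them to a single new extension. The entropy check is what separates "renamed" from "encrypted", which the signature text itself leaves open.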