General
Target: f49e78721c3e8f31e0e8ca174c13545d55cc79e1e2e5dd34b11d9678caf06e11N.exe
Size: 3.5MB
Sample: 250103-v8hdrsyjhn
MD5: 30a4f6d4a0e6c5187e1b03d37ff5fd70
SHA1: 381ecea8734578b0109653daa726703b2908e4dd
SHA256: f49e78721c3e8f31e0e8ca174c13545d55cc79e1e2e5dd34b11d9678caf06e11
SHA512: 25d027627be355eb9863531ad7ba57bcee98b081262e13ac69c955f76aa9e45ba983a83d569946b6499fa48f68a37f10a8dc44c28d0f0a66ad237ee0f7367a82
SSDEEP: 49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVPYOKQrgCGMxu3fFne4j4ZMljX:RF8QUitE4iLqaPWGnEv+OKQr8MAvFrX
Static task: static1
Behavioral task: behavioral1
Sample: f49e78721c3e8f31e0e8ca174c13545d55cc79e1e2e5dd34b11d9678caf06e11N.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: f49e78721c3e8f31e0e8ca174c13545d55cc79e1e2e5dd34b11d9678caf06e11N.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: f49e78721c3e8f31e0e8ca174c13545d55cc79e1e2e5dd34b11d9678caf06e11N.exe
Banload
Banload variants download malicious files, then install and execute them. Because the family is a downloader, the payload that matters may not be inside this sample at all but fetched at run time, so the network traffic from the behavioral tasks is where to look for it.

Banload family

Identifies VirtualBox via ACPI registry values (likely anti-VM)
VirtualBox firmware registers its ACPI tables under HKLM\HARDWARE\ACPI (for example HKLM\HARDWARE\ACPI\DSDT\VBOX__\VBOXBIOS); reading these keys is a common check for a virtualised analysis environment, and a sample that finds them may change behaviour or exit.

Renames multiple (211) files with added filename extension
Appending a new extension to a large number of files is the pattern of ransomware encrypting the files on the system. The signature counts renames, not confirmed encryption, so confirm against the file-write and rename events from the behavioral run before treating the sample as ransomware.

Checks BIOS information in registry
BIOS information, typically the values under HKLM\HARDWARE\DESCRIPTION\System and its BIOS subkey (SystemBiosVersion, VideoBiosVersion, SystemManufacturer, SystemProductName), is often read to detect sandbox and virtual-machine environments from the vendor strings it contains.
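The two registry signatures above ("Identifies VirtualBox via ACPI registry values" and "Checks BIOS information in registry") describe the same technique: read well-known keys and look for hypervisor vendor strings. The script below is an added example, not code from the sample or the sandbox; it implements that check against a constructed registry snapshot so it runs offline, and on a Windows host it can populate the same snapshot shape from winreg. The key paths are the standard locations; the snapshot contents and the marker list are assumptions for illustration.

```python
"""Registry-based VM checks of the kind the report flags ("Identifies VirtualBox
via ACPI registry values" and "Checks BIOS information in registry").
Added example, not code from the sample or the sandbox. It runs against a
constructed registry snapshot (key path -> {value name: data}) so it works
offline; collect_live_snapshot() fills the same shape from winreg on Windows."""
import sys

ACPI_ROOT = r"HKLM\HARDWARE\ACPI"                    # ACPI table ids: ACPI\<table>\<oem>\<id>
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System\BIOS"  # SystemManufacturer, BIOSVendor, ...
SYSTEM_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"     # SystemBiosVersion, VideoBiosVersion

# Vendor strings that give away a hypervisor when they appear in BIOS values (assumed list).
VM_MARKERS = ("vbox", "virtualbox", "innotek", "vmware", "qemu", "bochs", "virtual machine")


def check_acpi(snapshot):
    r"""Flag ACPI subkeys whose OEM or table id starts with VBOX; VirtualBox
    firmware registers e.g. HKLM\HARDWARE\ACPI\DSDT\VBOX__\VBOXBIOS."""
    prefix = ACPI_ROOT.upper() + "\\"
    findings = []
    for path in snapshot:
        upper = path.upper()
        if not upper.startswith(prefix):
            continue
        components = upper[len(prefix):].split("\\")  # e.g. ["DSDT", "VBOX__", "VBOXBIOS"]
        if any(c.startswith("VBOX") for c in components):
            findings.append(f"VirtualBox ACPI table id under {path}")
    return findings


def check_bios(snapshot):
    """Flag BIOS/system description values containing a hypervisor vendor string."""
    findings = []
    for key in (BIOS_KEY, SYSTEM_KEY):
        for name, data in snapshot.get(key, {}).items():
            # REG_MULTI_SZ values arrive as lists; flatten to one string for matching
            text = " ".join(data) if isinstance(data, (list, tuple)) else str(data)
            hit = next((m for m in VM_MARKERS if m in text.lower()), None)
            if hit:
                findings.append(f"{key}\\{name} = {text!r} (matches '{hit}')")
    return findings


def detect_vm(snapshot):
    """All findings; an empty list means nothing in these keys betrays a VM."""
    return check_acpi(snapshot) + check_bios(snapshot)


def collect_live_snapshot():
    """Windows only: read the real keys with winreg into the snapshot shape."""
    import winreg
    hklm, snap = winreg.HKEY_LOCAL_MACHINE, {}

    def values(sub):
        out = {}
        try:
            with winreg.OpenKey(hklm, sub) as k:
                for i in range(winreg.QueryInfoKey(k)[1]):   # [1] = number of values
                    name, data, _ = winreg.EnumValue(k, i)
                    out[name] = data
        except OSError:
            pass
        return out

    def walk(sub, depth):
        try:
            with winreg.OpenKey(hklm, sub) as k:
                for i in range(winreg.QueryInfoKey(k)[0]):   # [0] = number of subkeys
                    child = sub + "\\" + winreg.EnumKey(k, i)
                    snap["HKLM\\" + child] = {}
                    if depth > 1:
                        walk(child, depth - 1)
        except OSError:
            pass

    walk(r"HARDWARE\ACPI", 3)
    snap[BIOS_KEY] = values(r"HARDWARE\DESCRIPTION\System\BIOS")
    snap[SYSTEM_KEY] = values(r"HARDWARE\DESCRIPTION\System")
    return snap


# Constructed snapshots, not captured from any real host.
VBOX_SNAPSHOT = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__\VBOXBIOS": {},
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__\VBOXFACP": {},
    BIOS_KEY: {"SystemManufacturer": "innotek GmbH", "SystemProductName": "VirtualBox",
               "BIOSVendor": "innotek GmbH"},
    SYSTEM_KEY: {"SystemBiosVersion": ["VBOX   - 1"],
                 "VideoBiosVersion": ["Oracle VM VirtualBox Version 7.0.0 VBE Adapter"]},
}
BARE_METAL_SNAPSHOT = {
    r"HKLM\HARDWARE\ACPI\DSDT\DELL__\CBX3___": {},
    BIOS_KEY: {"SystemManufacturer": "Dell Inc.", "SystemProductName": "Latitude 7420",
               "BIOSVendor": "Dell Inc."},
    SYSTEM_KEY: {"SystemBiosVersion": ["DELL   - 1072009"], "VideoBiosVersion": ["Intel Video BIOS"]},
}

if __name__ == "__main__":
    snap = collect_live_snapshot() if sys.platform == "win32" else VBOX_SNAPSHOT
    for finding in detect_vm(snap):
        print(finding)
```

Run on the constructed VirtualBox snapshot it reports the two ACPI subkeys and the five vendor-bearing BIOS values; on the bare-metal snapshot it reports nothing. The defensive use is the mirror image: the keys a sample reads in the behavioral trace are exactly the values a sandbox has to present with non-VM strings if the sample is to run its real code path.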
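The "Renames multiple (211) files with added filename extension" signature is a rate-and-shape heuristic: many files, one process, each new name equal to the old name plus one more extension. The script below is an added example of that detection logic, not the sandbox's own rule; it replays constructed file-rename events (not taken from the report) and flags a process whose burst of add-extension renames reaches a threshold inside a time window, while ignoring ordinary renames. The threshold, window and event format are assumptions.

```python
"""Heuristic behind "Renames multiple (211) files with added filename extension".
Added example, not the sandbox's own rule: it replays constructed file-rename
events and flags a process that appends a new extension to many files within a
short window, the pattern of a ransomware encryption run."""
from collections import defaultdict

SAMPLE_NAME = "f49e78721c3e8f31e0e8ca174c13545d55cc79e1e2e5dd34b11d9678caf06e11N.exe"


def appended_extension(old_path, new_path):
    """Return the suffix added if new_path is old_path plus exactly one more
    extension (report.docx -> report.docx.locked), else None. Plain renames
    and renames that strip or swap an extension do not count."""
    if new_path.startswith(old_path + ".") and "." not in new_path[len(old_path) + 1:]:
        return new_path[len(old_path):]
    return None


def max_in_window(timestamps, window):
    """Largest number of timestamps that fall inside any span of `window` seconds."""
    ts = sorted(timestamps)
    best = lo = 0
    for hi, t in enumerate(ts):
        while t - ts[lo] > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def detect_mass_rename(events, threshold=50, window=120):
    """events: iterable of (timestamp_s, pid, process_name, old_path, new_path).
    Returns one alert per process whose burst of add-extension renames reaches
    `threshold` inside `window` seconds (assumed defaults: 50 in 120 s)."""
    per_proc = defaultdict(lambda: {"name": "", "ts": [], "exts": set()})
    for ts, pid, name, old, new in events:
        ext = appended_extension(old, new)
        if ext is None:
            continue
        rec = per_proc[pid]
        rec["name"] = name
        rec["ts"].append(ts)
        rec["exts"].add(ext.lower())
    alerts = []
    for pid, rec in per_proc.items():
        burst = max_in_window(rec["ts"], window)
        if burst >= threshold:
            alerts.append({"pid": pid, "process": rec["name"], "renames": len(rec["ts"]),
                           "burst": burst, "extensions": sorted(rec["exts"])})
    return alerts


def build_sample_events():
    """Constructed events (not from the report): 211 renames by the sample, one
    per second, plus benign renames that must not trigger."""
    events = []
    for i in range(211):
        old = rf"C:\Users\alice\Documents\file{i:03d}.docx"
        events.append((100 + i, 4242, SAMPLE_NAME, old, old + ".locked"))
    # ordinary rename, a single backup copy, and an archiver finishing a temp file
    events.append((105, 1300, "explorer.exe", r"C:\Users\alice\draft.txt", r"C:\Users\alice\final.txt"))
    events.append((106, 1300, "explorer.exe", r"C:\Users\alice\notes.txt", r"C:\Users\alice\notes.txt.bak"))
    events.append((107, 2100, "7zFM.exe", r"C:\Users\alice\archive.7z.tmp", r"C:\Users\alice\archive.7z"))
    return events


if __name__ == "__main__":
    for alert in detect_mass_rename(build_sample_events()):
        print(alert)
```

On the constructed events only pid 4242 is reported: 211 renames in total, a peak of 121 inside any 120-second window, and a single appended extension (.locked). The single .bak rename and the archiver's temp-file rename fall below the threshold or do not match the add-extension shape, which is the distinction that keeps this rule from firing on backup tools and installers.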