General
Target: 46804581330e01afc25cffb6abe156110270b660d10d1f6a5bf1bfdd3d4b6d9aN.exe
Size: 3.0MB
Sample: 250103-vw5njavkcs
MD5: a9319755c7ba195c900d2338c3f724b0
SHA1: c7fe88f37443d014fcfc7c350f62cbb847d87ae0
SHA256: 46804581330e01afc25cffb6abe156110270b660d10d1f6a5bf1bfdd3d4b6d9a
SHA512: e59b3c2a2a616398586b221492cb3ab9a0d429f222cebce30b090f05ecd3df06d6c209eef3276797806df4e5afc8beee44c3b57d9894b8c525d92b736a7d1be0
SSDEEP: 49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvV47RIgoqE:RF8QUitE4iLqaPWGnEvK7R6
Static task: static1
Behavioral task: behavioral1
Sample: 46804581330e01afc25cffb6abe156110270b660d10d1f6a5bf1bfdd3d4b6d9aN.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 46804581330e01afc25cffb6abe156110270b660d10d1f6a5bf1bfdd3d4b6d9aN.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
-
Banload
Banload variants download malicious files, then install and execute the files.
-
Banload family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Renames multiple (222) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-