General
Target: 185a518f58d1722d00ae38f9114fc6c213b362f2b277a655bd10178a9f66a297N.exe
Size: 2.6MB
Sample: 250103-wz9x4awrbz
MD5: f75a6d32a2b1ffdb5c64936e919060e0
SHA1: 03013bfeffb93f77a873b24fd860fdca7fc030ff
SHA256: 185a518f58d1722d00ae38f9114fc6c213b362f2b277a655bd10178a9f66a297
SHA512: c864ffdc63d713b28cdadb59908b970a100916a39fd2a05dacb8500afe4f14675c4a91535626b4d3fc299d14971261ee7c24ca9f7524c62ebdfcfa8b5a992d99
SSDEEP: 49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVzYBJIUu:RF8QUitE4iLqaPWGnEvL

Static task: static1

Behavioral task: behavioral1
  Sample: 185a518f58d1722d00ae38f9114fc6c213b362f2b277a655bd10178a9f66a297N.exe
  Resource: win7-20241010-en

Behavioral task: behavioral2
  Sample: 185a518f58d1722d00ae38f9114fc6c213b362f2b277a655bd10178a9f66a297N.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
- Banload: Banload variants download malicious files, then install and execute the files.
- Banload family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Renames multiple (227) files with added filename extension: this suggests ransomware activity of encrypting all the files on the system.
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.