General
-
Target
31e8aebedd14e68d31200daeaf55e7f64ce0b457794e78c20153a51cac0ba046N.exe
-
Size
3.4MB
-
Sample
250104-e11blstnhl
-
MD5
e7187962611d1ba8a19da99000f18a80
-
SHA1
7b351fb880ff5af34379d8cd910816d8450d5b79
-
SHA256
31e8aebedd14e68d31200daeaf55e7f64ce0b457794e78c20153a51cac0ba046
-
SHA512
57ba7dbdc1bc8951f0d379c8890d2acf8a9081c903aee3ddf9250c45712e9956b9ff586818e543dd6e704bcffeb555d7ff4ae4286d9043cbe38f4a46014eb3c2
-
SSDEEP
49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvV8u/kUHHklZ77SFm:RF8QUitE4iLqaPWGnEvS9Ejc
Malware Config
Targets
-
-
Target
31e8aebedd14e68d31200daeaf55e7f64ce0b457794e78c20153a51cac0ba046N.exe
-
Size
3.4MB
-
MD5
e7187962611d1ba8a19da99000f18a80
-
SHA1
7b351fb880ff5af34379d8cd910816d8450d5b79
-
SHA256
31e8aebedd14e68d31200daeaf55e7f64ce0b457794e78c20153a51cac0ba046
-
SHA512
57ba7dbdc1bc8951f0d379c8890d2acf8a9081c903aee3ddf9250c45712e9956b9ff586818e543dd6e704bcffeb555d7ff4ae4286d9043cbe38f4a46014eb3c2
-
SSDEEP
49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvV8u/kUHHklZ77SFm:RF8QUitE4iLqaPWGnEvS9Ejc
Score10/10-
Banload
Banload variants download malicious files, then install and execute the files.
-
Banload family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Renames multiple (207) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-