General
-
Target
67e1da8f9b5a94a16081cb53ead3f1734c2394c590f15e4936f24db320be9bf5N.exe
-
Size
2.4MB
-
Sample
250104-wen5wszngz
-
MD5
b373fefeba66598af5ce36d185f93720
-
SHA1
63d3a2c236875a9ae5a1e745df01e7a73544a0d3
-
SHA256
67e1da8f9b5a94a16081cb53ead3f1734c2394c590f15e4936f24db320be9bf5
-
SHA512
a02d5acbd900c669770442fa6ea43352bcafaebebc5c00dac9ebc705c804972c56a61dbdd236aea2776508074c29a95f2dbc66dc91dd180e05d2ea73e158bbeb
-
SSDEEP
49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVSWJIUD:RF8QUitE4iLqaPWGnEvV
Malware Config
Targets
-
-
Target
67e1da8f9b5a94a16081cb53ead3f1734c2394c590f15e4936f24db320be9bf5N.exe
-
Size
2.4MB
-
MD5
b373fefeba66598af5ce36d185f93720
-
SHA1
63d3a2c236875a9ae5a1e745df01e7a73544a0d3
-
SHA256
67e1da8f9b5a94a16081cb53ead3f1734c2394c590f15e4936f24db320be9bf5
-
SHA512
a02d5acbd900c669770442fa6ea43352bcafaebebc5c00dac9ebc705c804972c56a61dbdd236aea2776508074c29a95f2dbc66dc91dd180e05d2ea73e158bbeb
-
SSDEEP
49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVSWJIUD:RF8QUitE4iLqaPWGnEvV
Score10/10-
Banload
Banload variants download malicious files, then install and execute the files.
-
Banload family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Renames multiple (225) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-