General
-
Target
7.exe
-
Size
21KB
-
Sample
210622-5npfzh2c5e
-
MD5
555aee36e8e1c0e684e658b9ef65bc83
-
SHA1
f8afbddf6e6ab23f914f961b2eedc51f8b78fabd
-
SHA256
9f72ed1dc20575f4e19a75256a0df8871561008ce1387e12d932598c21a5b16f
-
SHA512
b65578a6c9ed2d9262776a73ebb230aa3deeb7e4aa829add17024609261c58dd9e941d6ebde5a6dcac824b56df8d7dccce4938d498069800cc63f14a05513b52
Static task
static1
Behavioral task
behavioral1
Sample
7.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
7.exe
Resource
win10v20210410
Malware Config
Extracted
C:\Users\Admin\Desktop\readme.txt
magniber
http://f014ace070784a70eedezwvaw.ndkeblzjnpqgpo5o.onion/dezwvaw
http://f014ace070784a70eedezwvaw.lognear.xyz/dezwvaw
http://f014ace070784a70eedezwvaw.wonride.site/dezwvaw
http://f014ace070784a70eedezwvaw.lieedge.casa/dezwvaw
http://f014ace070784a70eedezwvaw.bejoin.space/dezwvaw
Targets
-
-
Target
7.exe
-
Size
21KB
-
MD5
555aee36e8e1c0e684e658b9ef65bc83
-
SHA1
f8afbddf6e6ab23f914f961b2eedc51f8b78fabd
-
SHA256
9f72ed1dc20575f4e19a75256a0df8871561008ce1387e12d932598c21a5b16f
-
SHA512
b65578a6c9ed2d9262776a73ebb230aa3deeb7e4aa829add17024609261c58dd9e941d6ebde5a6dcac824b56df8d7dccce4938d498069800cc63f14a05513b52
Score10/10-
Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Suspicious use of SetThreadContext
-