General
-
Target
magnibar_f2ab74ce11c4462db427db65ff5755db4d5267d373172384a241017150e14675.exe
-
Size
21KB
-
Sample
210722-68c2armfnx
-
MD5
4160c35d3c600712b528e8072de1bc58
-
SHA1
12c822103678fed7b928f0202eb7e51714ab3b56
-
SHA256
f2ab74ce11c4462db427db65ff5755db4d5267d373172384a241017150e14675
-
SHA512
f722f7a5560641b0cbeb73dfb9d495cf2920858acfdcd5806f619256f2810569486be00eee4547b07298ca20c18d478f3f567809a7b2ff9cf81519e057a3a962
Static task
static1
Behavioral task
behavioral1
Sample
magnibar_f2ab74ce11c4462db427db65ff5755db4d5267d373172384a241017150e14675.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
magnibar_f2ab74ce11c4462db427db65ff5755db4d5267d373172384a241017150e14675.exe
Resource
win10v20210408
Malware Config
Extracted
C:\Users\Admin\Desktop\readme.txt
magniber
http://ea10e838bc14c0409elqcsthxnw.ndkeblzjnpqgpo5o.onion/lqcsthxnw
http://ea10e838bc14c0409elqcsthxnw.wonride.site/lqcsthxnw
http://ea10e838bc14c0409elqcsthxnw.lognear.xyz/lqcsthxnw
http://ea10e838bc14c0409elqcsthxnw.lieedge.casa/lqcsthxnw
http://ea10e838bc14c0409elqcsthxnw.bejoin.space/lqcsthxnw
Targets
-
-
Target
magnibar_f2ab74ce11c4462db427db65ff5755db4d5267d373172384a241017150e14675.exe
-
Size
21KB
-
MD5
4160c35d3c600712b528e8072de1bc58
-
SHA1
12c822103678fed7b928f0202eb7e51714ab3b56
-
SHA256
f2ab74ce11c4462db427db65ff5755db4d5267d373172384a241017150e14675
-
SHA512
f722f7a5560641b0cbeb73dfb9d495cf2920858acfdcd5806f619256f2810569486be00eee4547b07298ca20c18d478f3f567809a7b2ff9cf81519e057a3a962
Score10/10-
Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Suspicious use of SetThreadContext
-