General
-
Target
c6b6ec00_by_Libranalysis
-
Size
22KB
-
Sample
210818-8e7ftqdsax
-
MD5
c6b6ec00b64069d66c8d14d65f7cfd8f
-
SHA1
b90e6bf12728fa3b0984aabc32b39f1db082a1da
-
SHA256
7ec95111e00ce9c19ebf88e9683363390873451b00e0348bca4d80ef1e4b20ed
-
SHA512
c9d7c97c63806e87804c33530f48ba950542ba28421d354cb287c9bf027ff5a853b76200e87eadd3cde0469f4b8c93f8c4bc0e71f5e4aa1cdf33e05c0673254a
Static task
static1
Behavioral task
behavioral1
Sample
c6b6ec00_by_Libranalysis.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
c6b6ec00_by_Libranalysis.exe
Resource
win10v20210408
Malware Config
Extracted
C:\Users\Admin\Desktop\readme.txt
magniber
http://34704ac06214c040e8csnwyqmwa.erpp3f6j634gmj33.onion/csnwyqmwa
http://34704ac06214c040e8csnwyqmwa.jobsbig.cam/csnwyqmwa
http://34704ac06214c040e8csnwyqmwa.nowuser.casa/csnwyqmwa
http://34704ac06214c040e8csnwyqmwa.boxgas.icu/csnwyqmwa
http://34704ac06214c040e8csnwyqmwa.bykeep.club/csnwyqmwa
Targets
-
-
Target
c6b6ec00_by_Libranalysis
-
Size
22KB
-
MD5
c6b6ec00b64069d66c8d14d65f7cfd8f
-
SHA1
b90e6bf12728fa3b0984aabc32b39f1db082a1da
-
SHA256
7ec95111e00ce9c19ebf88e9683363390873451b00e0348bca4d80ef1e4b20ed
-
SHA512
c9d7c97c63806e87804c33530f48ba950542ba28421d354cb287c9bf027ff5a853b76200e87eadd3cde0469f4b8c93f8c4bc0e71f5e4aa1cdf33e05c0673254a
Score10/10-
Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Suspicious use of SetThreadContext
-