magniber | 5ce6fca6bd23161542ac33294ea2135c9278acee6a13c69028f81ca71beecebe

General

Target

c5f402a197a5b61d5b08d2602eb6d4a8
Size

38KB
Sample

211104-htx5fsdben
MD5

c5f402a197a5b61d5b08d2602eb6d4a8
SHA1

5e5203f0376a5f9665430ae6d9f2240f68b15e2c
SHA256

5ce6fca6bd23161542ac33294ea2135c9278acee6a13c69028f81ca71beecebe
SHA512

74e03a6db63ca2969bdc538a426be1da4680f2c3acfa5737d1f8602e6bfe088600bd6252911896106edc3e28ed1a6f4040a3a172952c1bcf144fd7b2efdfe0c6

Score

10^/10

magniber ransomware

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\readme.txt

Family

magniber

Ransom Note

ALL YOUR DOCUMENTS PHOTOS DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED! ==================================================================================================== Your files are NOT damaged! Your files are modified only. This modification is reversible. The only 1 way to decrypt your files is to receive the private key and decryption program. Any attempts to restore your files with the third party software will be fatal for your files! ==================================================================================================== To receive the private key and decryption program follow the instructions below: 1. Download "Tor Browser" from https://www.torproject.org/ and install it. 2. In the "Tor Browser" open your personal page here: http://54ac6090a47ca27032koxinsnc.d7h33stfpbhrhq7k4oybqe5nw2f3ne5iukuq5lyirwbkhi52pb6hzrad.onion/koxinsnc Note! This page is available via "Tor Browser" only. ==================================================================================================== Also you can use temporary addresses on your personal page without using "Tor Browser": http://54ac6090a47ca27032koxinsnc.bookrow.website/koxinsnc http://54ac6090a47ca27032koxinsnc.letsyou.uno/koxinsnc http://54ac6090a47ca27032koxinsnc.bankhid.space/koxinsnc http://54ac6090a47ca27032koxinsnc.twosat.fit/koxinsnc Note! These are temporary addresses! They will be available for a limited amount of time!

URLs

http://54ac6090a47ca27032koxinsnc.d7h33stfpbhrhq7k4oybqe5nw2f3ne5iukuq5lyirwbkhi52pb6hzrad.onion/koxinsnc

http://54ac6090a47ca27032koxinsnc.bookrow.website/koxinsnc

http://54ac6090a47ca27032koxinsnc.letsyou.uno/koxinsnc

http://54ac6090a47ca27032koxinsnc.bankhid.space/koxinsnc

http://54ac6090a47ca27032koxinsnc.twosat.fit/koxinsnc

Targets

- Target
  
  c5f402a197a5b61d5b08d2602eb6d4a8
- Size
  
  38KB
- MD5
  
  c5f402a197a5b61d5b08d2602eb6d4a8
- SHA1
  
  5e5203f0376a5f9665430ae6d9f2240f68b15e2c
- SHA256
  
  5ce6fca6bd23161542ac33294ea2135c9278acee6a13c69028f81ca71beecebe
- SHA512
  
  74e03a6db63ca2969bdc538a426be1da4680f2c3acfa5737d1f8602e6bfe088600bd6252911896106edc3e28ed1a6f4040a3a172952c1bcf144fd7b2efdfe0c6
Score

10^/10

magniber ransomware
- Magniber Ransomware
  Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
  ransomware magniber
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2