General

Target: MAG.msi.bin
Size: 96KB
Sample: 220523-f8fslsbge7
MD5: 957d0c81c985609c580565a0323a14cd
SHA1: d8d46413409a14a1ae407107016e28074c6824d5
SHA256: 9180fe1ea22b07841146ba483d454faf092c8cd9fed14222a08b7392cda2e7be
SHA512: 0ff024ff07ab13e7d308429fd8906560e58610b63a7dd468f6b5b6c86221962dbc27e93090e5607104201e9cabe90b52affba54411a541f5c2f5369db231cf52
Static task: static1
Behavioral task: behavioral1
Sample: MAG.msi
Resource: win10-20220414-en

Malware Config
Targets
Score: 9/10

- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext