General
-
Target
Magniber4.msi
-
Size
11.4MB
-
Sample
220627-raznlsbgej
-
MD5
e449d2609f4c5410a31b73aef43f052e
-
SHA1
b48b1f8388d66e1098543adbe9a1ad2733eaeeaa
-
SHA256
bcbac6ef0f3344da0981454d5dbea7a958e288fd0c4995ae5cb46e3959949b20
-
SHA512
98d9fefe04f183b6ed231abfe1df33b0d7eaaaa9ae613f315ed21928e34848b68c5f1d24acde944c276f013459d5059ba13a953fa648e1b7e6427ef691d2e620
Static task
static1
Behavioral task
behavioral1
Sample
Magniber4.msi
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Magniber4.msi
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
Magniber4.msi
-
Score
10/10
-
Detect magniber ransomware
-
Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Modifies boot configuration data using bcdedit
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-