magniber | 64a3d5a2d4e801efc34f17d2f32aaea3126b7f2dd9c3def16ebaa7a45486596b | Triage

Submit
Reports

Overview

overview

Static

static

Magniber14.msi

windows7_x64

7

Magniber14.msi

windows10-2004_x64

Sharing

General

Target

Magniber14.msi
Size

11.4MB
Sample

220627-rg9r6adfb2
MD5

578dcc9ab0d231ad315da3c568dd974a
SHA1

e690c686e225abbde34dbe4ff0e41bb2c93f3b53
SHA256

64a3d5a2d4e801efc34f17d2f32aaea3126b7f2dd9c3def16ebaa7a45486596b
SHA512

8a5e9476a25f4513ea047cb98a383c6b6208efa479841557eadc3fb037b024b6da40f4a18068f618a3a412bb8408b78870c26b530e95b749e3ceac84a2163bc2

Score

10^/10

magniber evasion ransomware

Static task

static1

Behavioral task

behavioral1

Sample

Magniber14.msi

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Magniber14.msi

Resource

win10v2004-20220414-en

magniber evasion ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Magniber14.msi
- Size
  
  11.4MB
- MD5
  
  578dcc9ab0d231ad315da3c568dd974a
- SHA1
  
  e690c686e225abbde34dbe4ff0e41bb2c93f3b53
- SHA256
  
  64a3d5a2d4e801efc34f17d2f32aaea3126b7f2dd9c3def16ebaa7a45486596b
- SHA512
  
  8a5e9476a25f4513ea047cb98a383c6b6208efa479841557eadc3fb037b024b6da40f4a18068f618a3a412bb8408b78870c26b530e95b749e3ceac84a2163bc2
Score

10^/10

magniber evasion ransomware
- Detect magniber ransomware
- Magniber Ransomware
  Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
  ransomware magniber
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes System State backups
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

magniberevasionransomware

© 2018-2024

Terms | Privacy