magniber | b9669bea10051a80e268a97e455404a0f50c310ed92d26965d8b097429c0adcf | Triage

Submit
Reports

Overview

overview

Static

static

Magniber11.msi

windows7_x64

7

Magniber11.msi

windows10-2004_x64

Sharing

General

Target

Magniber11.msi
Size

11.4MB
Sample

220627-rgpf8adfa5
MD5

43db7b2265449e9e7fbe92cf64489312
SHA1

d5b15d33a6406c603622f4bf98729f63c71c7933
SHA256

b9669bea10051a80e268a97e455404a0f50c310ed92d26965d8b097429c0adcf
SHA512

a9751360b4ca881fa2b621832222f74d4482a5295522dc8367b73bae0fd5712edd26eea4d02b4407b884a2a89bc77cb941e6daaaa00d37a9c73cc352bb0b2eb3

Score

10^/10

magniber evasion ransomware

Static task

static1

Behavioral task

behavioral1

Sample

Magniber11.msi

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Magniber11.msi

Resource

win10v2004-20220414-en

magniber evasion ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Magniber11.msi
- Size
  
  11.4MB
- MD5
  
  43db7b2265449e9e7fbe92cf64489312
- SHA1
  
  d5b15d33a6406c603622f4bf98729f63c71c7933
- SHA256
  
  b9669bea10051a80e268a97e455404a0f50c310ed92d26965d8b097429c0adcf
- SHA512
  
  a9751360b4ca881fa2b621832222f74d4482a5295522dc8367b73bae0fd5712edd26eea4d02b4407b884a2a89bc77cb941e6daaaa00d37a9c73cc352bb0b2eb3
Score

10^/10

magniber evasion ransomware
- Detect magniber ransomware
- Magniber Ransomware
  Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
  ransomware magniber
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes System State backups
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

magniberevasionransomware

© 2018-2024

Terms | Privacy