General
Target: Magniber19.msi
Size: 11.4MB
Sample: 220627-rjd39sbghl
MD5: 81eb662dd4e085d5e0f33b8c63d36a48
SHA1: 526b36826281b4328cdb2dd57a0fe7aac9b7fab0
SHA256: 6719d9d705ee6563f8fe93d28bf23f71db531ef43b07c794975531e8ab8705fe
SHA512: 5ae12ed62314cfaaf12c889cc18fdea633e86ccae966a09a838eef756945593b1807de1a9abadeba5affffdaedb88c1019a23da8bc6198b807f35220c2e556b1
Static task: static1
Behavioral task: behavioral1
Sample: Magniber19.msi
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Magniber19.msi
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: Magniber19.msi
Score: 10/10
-
Detect magniber ransomware
-
Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Modifies boot configuration data using bcdedit
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-