magniber | fd5979d5ad2b2d68d7e5508c2d4e0147241e379a9115c0771d8bb56e2692db8c | Triage

Submit
Reports

Overview

overview

Static

static

Magniber2.msi

windows7_x64

7

Magniber2.msi

windows10-2004_x64

Sharing

General

Target

Magniber2.msi
Size

10.6MB
Sample

220630-eagrksheb9
MD5

cb152752867af105819552b9086a8c76
SHA1

f8cd1daef2428e9c01af3e1352e694c2f48d6cdf
SHA256

fd5979d5ad2b2d68d7e5508c2d4e0147241e379a9115c0771d8bb56e2692db8c
SHA512

9bcfa1f55d329149b1025dfd68ac3c5045a764427723d1b7b1e690bf973c99756865a0cfbf7dce17a83552562c3c193fb75bdda8b6f7550a6d24297cdf670f81

Score

10^/10

magniber evasion ransomware

Static task

static1

Behavioral task

behavioral1

Sample

Magniber2.msi

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Magniber2.msi

Resource

win10v2004-20220414-en

magniber evasion ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Magniber2.msi
- Size
  
  10.6MB
- MD5
  
  cb152752867af105819552b9086a8c76
- SHA1
  
  f8cd1daef2428e9c01af3e1352e694c2f48d6cdf
- SHA256
  
  fd5979d5ad2b2d68d7e5508c2d4e0147241e379a9115c0771d8bb56e2692db8c
- SHA512
  
  9bcfa1f55d329149b1025dfd68ac3c5045a764427723d1b7b1e690bf973c99756865a0cfbf7dce17a83552562c3c193fb75bdda8b6f7550a6d24297cdf670f81
Score

10^/10

magniber evasion ransomware
- Detect magniber ransomware
- Magniber Ransomware
  Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
  ransomware magniber
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes System State backups
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

magniberevasionransomware

© 2018-2024

Terms | Privacy