General
-
Target
508e8538c481ab57bb700d88ccc5ad644c8e2348f7612eadcb1e536f27aba1df.7z
-
Size
44KB
-
Sample
220705-gxab5ageg5
-
MD5
ab96411c76ea4534def3c5d365633146
-
SHA1
6a248bb482bd8085ead1568565dd63b1feb48297
-
SHA256
271c888d1a4e80039183b8340131090f20d43a23dddf27a1b2f7f0163e8b5aa9
-
SHA512
8a0934a4d98b8186e4f09508a291b6dab4f190d61f0c0cfc5f6fdf127005e196d2a50dbc99f963381076689ae4600ad52d931002e70353e0b7abc3e2faa40d08
Malware Config
Targets
-
-
Target
508e8538c481ab57bb700d88ccc5ad644c8e2348f7612eadcb1e536f27aba1df.msi
-
Size
20.7MB
-
MD5
30df77a05a3ff9da6cfce5fd7e4d1dfa
-
SHA1
f1dba529bca024d000cfef50bb8aa9c603077c88
-
SHA256
508e8538c481ab57bb700d88ccc5ad644c8e2348f7612eadcb1e536f27aba1df
-
SHA512
91bf4bcc4b60c73d24830bb7c8094af55ac7028bc9315970ad5fed8bd3a274ccc7a8497aa17ba954543d5ee039f2b4825f561cb2c236aab996210857a4eb6bee
Score10/10-
Detect magniber ransomware
-
Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Modifies boot configuration data using bcdedit
-
Deletes System State backups
Uses wbadmin.exe to inhibit system recovery.
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-