General
-
Target
SYSTEM.Security.Database.Upgrade.Win10.0.jse
-
Size
185KB
-
Sample
220915-gr1l5acaf7
-
MD5
f6d2fc78661b55258fb704f66c9949e4
-
SHA1
7c4608440e4afcb032890edd4deef18a0ce3c8dd
-
SHA256
6a68217b951f9655e4a7ed13fcfc4696ac5d231450fe7d2be8b6a1d71425752c
-
SHA512
9f66641f19e8046b19f7bffa056ec3e677aae853102dded94c22665381d0d2b65334c16c74d7b64df319b1518931d6ad281ad86c1fbc67ee6ba1984f67506dce
-
SSDEEP
3072:dthtQYzUz8giIajyEPeR00t/+DYhRkEIKf+6yr3S1IuIDbHBX66vPYH/J25gfgbD:z73zUz8gCjyUeihSRkCy3H36HxgbD
Static task
static1
Behavioral task
behavioral1
Sample
SYSTEM.Security.Database.Upgrade.Win10.0.jse
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
SYSTEM.Security.Database.Upgrade.Win10.0.jse
Resource
win10v2004-20220812-en
Malware Config
Targets
-
Target
SYSTEM.Security.Database.Upgrade.Win10.0.jse
-
Score
10/10
-
Detect magniber ransomware
-
Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Modifies boot configuration data using bcdedit
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-