magniber | 56d301fe7a6b1a9e21898162b0dada9ff12878c539591052919fabcc36d28541 | Triage

Submit
Reports

Overview

overview

Static

static

Antivirus_...ab.jse

windows7-x64

Antivirus_...ab.jse

windows10-2004-x64

Sharing

General

Target

Antivirus_Upgrade_Cloud.e2550b79e6f94ab.jse
Size

167KB
Sample

220915-p5ssfadba9
MD5

b901b278c04a64daf3622012224a8cca
SHA1

0fd90e8962a3a87f10af4448250c85bda8ff48b7
SHA256

56d301fe7a6b1a9e21898162b0dada9ff12878c539591052919fabcc36d28541
SHA512

e648d2ae461aa71fdc578c41626a90f501bd24e5b42fa140deb886ae1091019a5fce75a58b81489225510856555902656da3ed6f4cebbcbab66ffe1872cfdaf3
SSDEEP

3072:p6U8hsMvboPvqad0Y3mrTGCsmf+W0zwA0yX7AzmipeUph59pMhDhTfPDh3GZbrtc:pMvboPaY3r7W0zsOAzrqV5Tg3on1e7xS

Score

10^/10

magniber evasion ransomware

Static task

static1

Behavioral task

behavioral1

Sample

Antivirus_Upgrade_Cloud.e2550b79e6f94ab.jse

Resource

win7-20220901-en

magniber ransomware

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

Antivirus_Upgrade_Cloud.e2550b79e6f94ab.jse

Resource

win10v2004-20220812-en

magniber evasion ransomware

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  Antivirus_Upgrade_Cloud.e2550b79e6f94ab.jse
- Size
  
  167KB
- MD5
  
  b901b278c04a64daf3622012224a8cca
- SHA1
  
  0fd90e8962a3a87f10af4448250c85bda8ff48b7
- SHA256
  
  56d301fe7a6b1a9e21898162b0dada9ff12878c539591052919fabcc36d28541
- SHA512
  
  e648d2ae461aa71fdc578c41626a90f501bd24e5b42fa140deb886ae1091019a5fce75a58b81489225510856555902656da3ed6f4cebbcbab66ffe1872cfdaf3
- SSDEEP
  
  3072:p6U8hsMvboPvqad0Y3mrTGCsmf+W0zwA0yX7AzmipeUph59pMhDhTfPDh3GZbrtc:pMvboPaY3r7W0zsOAzrqV5Tg3on1e7xS
Score

10^/10

magniber ransomware evasion
- Detect magniber ransomware
- Magniber Ransomware
  Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
  ransomware magniber
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes System State backups
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

magniberransomware

behavioral2

magniberevasionransomware

© 2018-2024

Terms | Privacy