General
-
Target
266f930572d3006c36ba7e97b4ffed107827decd7738a58c218e1ae5450fbe95.jse
-
Size
176KB
-
Sample
220915-pdbpvadad2
-
MD5
ad184cf93d38d51111a7ef305992eb5f
-
SHA1
37b05248dbd96c8a94082471069f24a7b1036313
-
SHA256
266f930572d3006c36ba7e97b4ffed107827decd7738a58c218e1ae5450fbe95
-
SHA512
a37d0984d65b0eaef4169a22e5802ac8f24b9508b717f46b2911ad583f5a4b2e4f59bd31c317976f14995ba69a7855318ef7d5e0ba866d3b8fc1db352a14c56e
-
SSDEEP
3072:x4xkakIeI6QKzm+bga+V9cw+yOTE4o5V0eD11TbXx1113B1WR9KflL11H6IFNC4v:GfelQKzbMYJQ4o5VxhakLDNyjt8
Malware Config
Targets
-
-
Target
266f930572d3006c36ba7e97b4ffed107827decd7738a58c218e1ae5450fbe95.jse
-
Size
176KB
-
MD5
ad184cf93d38d51111a7ef305992eb5f
-
SHA1
37b05248dbd96c8a94082471069f24a7b1036313
-
SHA256
266f930572d3006c36ba7e97b4ffed107827decd7738a58c218e1ae5450fbe95
-
SHA512
a37d0984d65b0eaef4169a22e5802ac8f24b9508b717f46b2911ad583f5a4b2e4f59bd31c317976f14995ba69a7855318ef7d5e0ba866d3b8fc1db352a14c56e
-
SSDEEP
3072:x4xkakIeI6QKzm+bga+V9cw+yOTE4o5V0eD11TbXx1113B1WR9KflL11H6IFNC4v:GfelQKzbMYJQ4o5VxhakLDNyjt8
Score10/10-
Detect magniber ransomware
-
Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Modifies boot configuration data using bcdedit
-
Deletes System State backups
Uses wbadmin.exe to inhibit system recovery.
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Modifies Installed Components in the registry
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-