General

  • Target

    Antivirus_Upgrade_Cloud.e2550b79e6f94ab.jse

  • Size

    167KB

  • Sample

    220915-pz8xgadah3

  • MD5

    b901b278c04a64daf3622012224a8cca

  • SHA1

    0fd90e8962a3a87f10af4448250c85bda8ff48b7

  • SHA256

    56d301fe7a6b1a9e21898162b0dada9ff12878c539591052919fabcc36d28541

  • SHA512

    e648d2ae461aa71fdc578c41626a90f501bd24e5b42fa140deb886ae1091019a5fce75a58b81489225510856555902656da3ed6f4cebbcbab66ffe1872cfdaf3

  • SSDEEP

    3072:p6U8hsMvboPvqad0Y3mrTGCsmf+W0zwA0yX7AzmipeUph59pMhDhTfPDh3GZbrtc:pMvboPaY3r7W0zsOAzrqV5Tg3on1e7xS

Malware Config

Targets

    • Detect magniber ransomware

    • Magniber Ransomware

      Ransomware family, widely seen in Asia, distributed by the Magnitude exploit kit.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Modifies boot configuration data using bcdedit

    • Deletes System State backups

      Uses wbadmin.exe to inhibit system recovery.

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Modifies Installed Components in the registry

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks