magniber | 437df22c03110f17f0ddefc4459e271e7b7414a26199f1808f4df91a4dc18126 | Triage

Submit
Reports

Overview

overview

Static

static

b2b07b32c6...5a.msi

windows10-2004-x64

Sharing

General

Target

b2b07b32c681a44c647814d09eeac5d691ae67ebf1862bd23c639fce7027685a.zip
Size

34KB
Sample

221010-jmfr9sbcdm
MD5

a226c35d576692eb634a2a500e8d6a4e
SHA1

7d3028f0ac619a24eab1ecb024c5e95416a7cf34
SHA256

437df22c03110f17f0ddefc4459e271e7b7414a26199f1808f4df91a4dc18126
SHA512

bbd8998a2f3b637931aa122cc266600af76b95baaf519e1ad4d85808903dd80e4fa2efbed6df7db1fef31090f37870917e91ec8332b7347520c45ff777466f82
SSDEEP

768:v1dgtf77UCEsL7j1KGZL2dz4Qnm3gZBs24gd82aQ1J6mcds:NdgtXUCf7xKcL2dz4aOgd8U1dcds

Score

10^/10

magniber persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

b2b07b32c681a44c647814d09eeac5d691ae67ebf1862bd23c639fce7027685a.msi

Resource

win10v2004-20220812-en

magniber persistence ransomware

windows10-2004-x64

23 signatures

600 seconds

Malware Config

Targets

- Target
  
  b2b07b32c681a44c647814d09eeac5d691ae67ebf1862bd23c639fce7027685a.msi
- Size
  
  92KB
- MD5
  
  ddf798fa09f7c72f9fec4478841990d7
- SHA1
  
  42b8bc580bd77c330432fb7cf6d9b8c8212961bd
- SHA256
  
  b2b07b32c681a44c647814d09eeac5d691ae67ebf1862bd23c639fce7027685a
- SHA512
  
  fa39bd42f000e8dffb4638a65cb08ab0f4393a7ed8ef718efa7f3652c00cd1aa31c6f3fb5365674700a08eb066d3e514e7f8131fce0bccd9b5897ea96c9b2425
- SSDEEP
  
  768:8lUJ5BxTORGx4/dpZ6G+jzI/RyGwaW27N5MSdm4cyWMDC/yWMDCmYinj:hxTcdpZ6G//RzwaN1d00DU0D37n
Score

10^/10

magniber persistence ransomware
- Detect magniber ransomware
- Magniber Ransomware
  Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
  ransomware magniber
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Blocklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

magniberpersistenceransomware

© 2018-2024

Terms | Privacy