General
Target: magniber.zip
Size: 27KB
Sample: 221013-wwzyqagdg7
MD5: c2fb7a36e30f71d0d979e14ae0724dc6
SHA1: 95410e834d8a320fb25fd50a90a610af0a19e317
SHA256: 71ceb2ad434eb37db1b45f4f2bb9e9cf42ce6f328759ee4f21a40c5b1557c345
SHA512: 6745f55a101a8811b7227b023a809f7e164777030e9a5ffae435a3b4f581928d23a501b44ef06a5dc9f5b3ae712d8e153f47362355900f591ca897ceda989be3
SSDEEP: 768:t0czwd5uQ8uwtPueywNVVlWCfSVbozL5ZxAqgPZ:tcgQY9ueXLhoML5ZxSR
Static task: static1
Behavioral task: behavioral1
Sample: magniber.js
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: magniber.js
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: magniber
Size: 172KB
MD5: 66422ca83d86f5f9e18aa3da2765606c
SHA1: ef9b4fd687b41d504120f8970a157007ce2aef33
SHA256: 6155453a58b0ba360fd18a32d838c4452fec374c364824b50447500c8fd12e80
SHA512: fd7f6b9678e8d7908a67d0166645c7dcfb50737954b3abdff84cde85fe7de5b9e4652affaba3ee742255d2c18f272a43906d3c218dc107fdf57f014805f6386f
SSDEEP: 768:lf2dpCbpst8Z7BE4/wKw2pZSbIgMcLtKOXvSIhjIilDuBoWZq2g85UIIofMzVc2t:+45BcLs1ICiZ25PfIW5Yrh
Score: 10/10
- Detect magniber ransomware
- Magniber Ransomware: Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Modifies boot configuration data using bcdedit
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.