General
-
Target
1.exe.virus
-
Size
53KB
-
Sample
221020-jdpntabgd8
-
MD5
afe19f73bf4bcbd0dd9e40202b3bb459
-
SHA1
1e4c3400c98b5c7454edd6f7e384e8b0fdd39083
-
SHA256
65c45e2cc82cfdc0f073223eb81cada3b3689273bc442a5a95b374ab9fe06fb7
-
SHA512
a9c274c1519293017e6840e14e97ecc667c1936b3f63824f97aae04a9473fd2627813d2b5ada7b203fcea4b2fb591b35300fdb91dd582d74e9882c534c76199b
-
SSDEEP
768:d6Eu6jk3mjA9o5dpgqXtcGPhFDhgYBod9OxYX1q:djLU9q3gcLPhhhgYW91
Malware Config
Targets
-
-
Target
1.exe.virus
-
Size
53KB
-
MD5
afe19f73bf4bcbd0dd9e40202b3bb459
-
SHA1
1e4c3400c98b5c7454edd6f7e384e8b0fdd39083
-
SHA256
65c45e2cc82cfdc0f073223eb81cada3b3689273bc442a5a95b374ab9fe06fb7
-
SHA512
a9c274c1519293017e6840e14e97ecc667c1936b3f63824f97aae04a9473fd2627813d2b5ada7b203fcea4b2fb591b35300fdb91dd582d74e9882c534c76199b
-
SSDEEP
768:d6Eu6jk3mjA9o5dpgqXtcGPhFDhgYBod9OxYX1q:djLU9q3gcLPhhhgYW91
Score10/10-
Detect magniber ransomware
-
Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Modifies boot configuration data using bcdedit
-
Deletes System State backups
Uses wbadmin.exe to inhibit system recovery.
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-