magniber | fffba37840957480e176802e89638fb53add9b39349241f8de52719f57a01d55 | Triage

Submit
Reports

Overview

overview

Static

static

fffba37840...55.msi

windows7-x64

7

fffba37840...55.msi

windows10-2004-x64

Sharing

General

Target

fffba37840957480e176802e89638fb53add9b39349241f8de52719f57a01d55.msi
Size

1.1MB
Sample

221104-w4ww2ahgb6
MD5

250a23219a576180547734430d71b0e6
SHA1

a5bcdb824d325d44c5e0feb5bf9389da520e6f82
SHA256

fffba37840957480e176802e89638fb53add9b39349241f8de52719f57a01d55
SHA512

e0c26cceff37d9328dddc9989ff75070b51a3ccd35c93e82fdcda3a828a90ac53d8604524f5195cc9d4865aa8680ccfd79f6d85710b46496ab9efea321c13417
SSDEEP

1536:j66iqjTbG3VvotZmMi0W7Ap0Ds0Dm78x:jAGelvoW0dQx

Score

10^/10

magniber persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

fffba37840957480e176802e89638fb53add9b39349241f8de52719f57a01d55.msi

Resource

win7-20220901-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

fffba37840957480e176802e89638fb53add9b39349241f8de52719f57a01d55.msi

Resource

win10v2004-20220812-en

magniber persistence ransomware

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  fffba37840957480e176802e89638fb53add9b39349241f8de52719f57a01d55.msi
- Size
  
  1.1MB
- MD5
  
  250a23219a576180547734430d71b0e6
- SHA1
  
  a5bcdb824d325d44c5e0feb5bf9389da520e6f82
- SHA256
  
  fffba37840957480e176802e89638fb53add9b39349241f8de52719f57a01d55
- SHA512
  
  e0c26cceff37d9328dddc9989ff75070b51a3ccd35c93e82fdcda3a828a90ac53d8604524f5195cc9d4865aa8680ccfd79f6d85710b46496ab9efea321c13417
- SSDEEP
  
  1536:j66iqjTbG3VvotZmMi0W7Ap0Ds0Dm78x:jAGelvoW0dQx
Score

10^/10

magniber persistence ransomware
- Detect magniber ransomware
- Magniber Ransomware
  Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
  ransomware magniber
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

magniberpersistenceransomware

© 2018-2024

Terms | Privacy