General

  • Target

    8471052407.zip

  • Size

    159KB

  • Sample

    221129-mvmgkabf75

  • MD5

    c6c0bf2a9734d4825aaf29119f76f192

  • SHA1

    11be57cc037eea85dcca2175cdda599faf30dc3b

  • SHA256

    805b51368b9b72794aa52fbc957b4617ce6a7517f8b4ae85698ddd036cdbb7ea

  • SHA512

    9c4e7b3f3e52b203df352391782a12f12246bab1b071d752a83626ba6fd9bfe0b9fd5ffaa3e4de343fa3eccdf3ec49c2ee8af52eff03dd26ded944626cb62178

  • SSDEEP

    3072:7zfT9i4YkpO19MqsJrjL5lu1+tZIn/SXPDQWiz9eah84sg5CeatM5K+QNql:7bT9iH1ZsJr/Du1+/0qrQRoah84kHOMY

Malware Config

Targets

    • Target

      123d7744a407af376b4ee4402ff8bee588b40540bcfba22fb64768d1de8c1861

    • Size

      158KB

    • MD5

      7b76b698e90df66d4f4bbecf24c95325

    • SHA1

      65ba018f76ab977c3015540630befcd6e98cf9d9

    • SHA256

      123d7744a407af376b4ee4402ff8bee588b40540bcfba22fb64768d1de8c1861

    • SHA512

      1b36ec029df4d966a349aee30d672a61a55d5b75a85d77715fe308bd05ad209e24c94effdc7e07934bcd138ccabeb9755923fea735fe47e076cf1669b5050a06

    • SSDEEP

      3072:Jm0DRG5CxnKvNN7x0r0AW4VRh/v2rdiFEnljKIwpAWFLpMh25nf2Oi:JvlGwFKvNN1k0avQiFiljKIwxLpB2Oi

    Score: 10/10
    • Detect magniber ransomware

    • Magniber Ransomware

      Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Target

      2e00b278c8bf18933c62710a9e1a928d555b660d6a4a87af86937375688311e1

    • Size

      10.0MB

    • MD5

      d675958d39e44b310e4e57f4e4f9bc12

    • SHA1

      019672cb48ea3703a7340b169d3f9a952df17a2d

    • SHA256

      2e00b278c8bf18933c62710a9e1a928d555b660d6a4a87af86937375688311e1

    • SHA512

      e584717d6288d1d40658494172610cf12328e2951ea33e0051fa69490e16b469891ef7af979b388d496e93d7f93c7f2d07188e57dcec5f429be3687a9d2f5726

    • SSDEEP

      1536:LRGzA9UOBLwp3h//nCyc5rAlKJjDs0Dg79eY:0zvOB4vcBAlKJyP

    Score: 7/10
    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      fffba37840957480e176802e89638fb53add9b39349241f8de52719f57a01d55

    • Size

      1.1MB

    • MD5

      250a23219a576180547734430d71b0e6

    • SHA1

      a5bcdb824d325d44c5e0feb5bf9389da520e6f82

    • SHA256

      fffba37840957480e176802e89638fb53add9b39349241f8de52719f57a01d55

    • SHA512

      e0c26cceff37d9328dddc9989ff75070b51a3ccd35c93e82fdcda3a828a90ac53d8604524f5195cc9d4865aa8680ccfd79f6d85710b46496ab9efea321c13417

    • SSDEEP

      1536:j66iqjTbG3VvotZmMi0W7Ap0Ds0Dm78x:jAGelvoW0dQx

    • Detect magniber ransomware

    • Magniber Ransomware

      Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks