General
Target: 0362769fcb15c6e11528373bb98a572e.exe
Size: 42KB
Sample: 221130-mz6e8sde96
MD5: 0362769fcb15c6e11528373bb98a572e
SHA1: 62f14e27becef8c7c889e5083c0341992e4bd57b
SHA256: 3aec49fb761581a0b95e23b1a85b8594308491968d42d04831ae01f8949b05b4
SHA512: e6d739263194c61f73fc56127317e58e43caefce11294d8f0462d3891fdc142179d84844350536648d0ecde58253f64c26c017755f0a60eb79d6dbe7b07434e1
SSDEEP: 768:MeEfWZ7x3IEnQL31NFCZQzjHfywPvMeWQGMdUU/YUze//Ywu+k:MeEfWxmCQLI+zjHKKvMMqvUzenYwzk
Static task: static1
Behavioral task: behavioral1
  Sample: 0362769fcb15c6e11528373bb98a572e.dll
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 0362769fcb15c6e11528373bb98a572e.dll
  Resource: win10v2004-20221111-en
Note: both behavioral tasks load the sample as a .dll, although the target above is listed under an .exe name; the hashes are the same file, so treat the extension as a naming artifact rather than two samples.
Malware Config
Extracted from: C:\Users\Admin\Desktop\readme.txt
Family: magniber
URLs:
http://02bc488022xdbbxfvjy.hjew6l4r3hpgj7qiloum5j7jwq7q3623v4fsbq5edbckeppeetpiihid.onion/xdbbxfvjy
http://02bc488022xdbbxfvjy.gunfail.quest/xdbbxfvjy
http://02bc488022xdbbxfvjy.raredoe.uno/xdbbxfvjy
http://02bc488022xdbbxfvjy.gaplies.fit/xdbbxfvjy
http://02bc488022xdbbxfvjy.ranmuch.space/xdbbxfvjy
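An added example (not part of the sandbox report and not Magniber's own code): a small Python parser that pulls the payment URLs out of a ransom note laid out like the readme.txt above and turns them into IOCs, checking that every URL carries the same victim label and path token. Only the five URLs come from the report; the note wording in SAMPLE_NOTE is constructed for the example. Splitting the leftmost hostname label into a leading part and the path token is an observation about these five URLs, not a documented Magniber field.

```python
import re
from urllib.parse import urlparse

# Constructed stand-in for the note the sandbox extracted from
# C:\Users\Admin\Desktop\readme.txt. The URLs are the ones listed in the
# report; the surrounding wording is made up for this example.
SAMPLE_NOTE = """
YOUR FILES ARE ENCRYPTED (example wording, not the real note text)
To recover them open one of the links below:
http://02bc488022xdbbxfvjy.hjew6l4r3hpgj7qiloum5j7jwq7q3623v4fsbq5edbckeppeetpiihid.onion/xdbbxfvjy
http://02bc488022xdbbxfvjy.gunfail.quest/xdbbxfvjy
http://02bc488022xdbbxfvjy.raredoe.uno/xdbbxfvjy
http://02bc488022xdbbxfvjy.gaplies.fit/xdbbxfvjy
http://02bc488022xdbbxfvjy.ranmuch.space/xdbbxfvjy
"""

URL_RE = re.compile(r"https?://[^\s'\"<>]+")


def extract_urls(text):
    """Return the URLs found in the note, in order, without duplicates."""
    seen, urls = set(), []
    for m in URL_RE.finditer(text):
        u = m.group(0).rstrip(".,;)")
        if u not in seen:
            seen.add(u)
            urls.append(u)
    return urls


def split_url(url):
    """Split one payment URL into victim label, payment domain and path token."""
    p = urlparse(url)
    labels = p.hostname.split(".")
    return {
        "url": url,
        "victim_label": labels[0],         # leftmost hostname label
        "domain": ".".join(labels[1:]),    # the part the operators rotate
        "is_onion": labels[-1] == "onion",
        "path_token": p.path.strip("/"),
    }


def extract_iocs(note_text):
    """Parse a note and return IOCs; reject notes whose URLs disagree."""
    parts = [split_url(u) for u in extract_urls(note_text)]
    if not parts:
        raise ValueError("no URLs found in note")
    labels = {x["victim_label"] for x in parts}
    tokens = {x["path_token"] for x in parts}
    if len(labels) != 1 or len(tokens) != 1:
        raise ValueError(f"inconsistent note: labels={labels} tokens={tokens}")
    label, token = labels.pop(), tokens.pop()
    # In this note the path token is the tail of the victim label; keep the
    # leading part separately for correlation across victims. What either
    # part means to the operators is not something the report states.
    prefix = label[: -len(token)] if label.endswith(token) else None
    return {
        "victim_label": label,
        "path_token": token,
        "label_prefix": prefix,
        "onion_hosts": [urlparse(x["url"]).hostname for x in parts if x["is_onion"]],
        "clearnet_domains": [x["domain"] for x in parts if not x["is_onion"]],
        "hostnames": [urlparse(x["url"]).hostname for x in parts],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(extract_iocs(SAMPLE_NOTE), indent=2))
```

The hostnames list is what goes on a DNS or proxy blocklist; the clearnet domains are the part worth watching for rotation across samples, while the onion host only matters where Tor egress is allowed.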
Targets
Target: 0362769fcb15c6e11528373bb98a572e.exe
Size: 42KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values in the General section above
Score: 10/10
Signatures
Detect Magniber ransomware
Magniber Ransomware: ransomware family widely seen in Asia, distributed by the Magnitude exploit kit.
Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or a macro.
Modifies extensions of user files: ransomware generally changes the extension on the files it encrypts.
Suspicious use of SetThreadContext: the report gives no description; the API rewrites another thread's registers (including the instruction pointer) and is a standard building block of process hollowing and thread hijacking, so treat it as a likely injection step rather than noise.
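An added example (not part of the sandbox report and not the sandbox's own detection logic): the two behavioral signatures above, "process spawned unexpected child process" and "modifies extensions of user files", written as checks over a stream of Sysmon-style events. The events, process names, PIDs, the allowlist and the ".enc" suffix are all constructed for the example; the report does not say which parent launched this sample or what extension it appends.

```python
import re
from collections import defaultdict

# Constructed events shaped like Sysmon EID 1 (process create) and EID 11
# (file create), cut down to the fields the two checks need. Nothing here is
# taken from the report: names, PIDs and the ".enc" suffix are assumptions.
EVENTS = [
    {"eid": 1, "pid": 1200, "image": "iexplore.exe", "parent": "explorer.exe"},
    {"eid": 1, "pid": 1300, "image": "regsvr32.exe", "parent": "iexplore.exe"},
    {"eid": 1, "pid": 1400, "image": "notepad.exe", "parent": "explorer.exe"},
    {"eid": 11, "pid": 1300, "target": r"C:\Users\Admin\Documents\q3.xlsx.enc"},
    {"eid": 11, "pid": 1300, "target": r"C:\Users\Admin\Documents\plan.docx.enc"},
    {"eid": 11, "pid": 1300, "target": r"C:\Users\Admin\Pictures\cat.jpg.enc"},
    {"eid": 11, "pid": 1300, "target": r"C:\Users\Admin\Desktop\readme.txt"},
    {"eid": 11, "pid": 1400, "target": r"C:\Users\Admin\Desktop\notes.txt"},
]

# Parents that should only launch a short, known set of children. Anything
# else is the "unexpected child" condition: an exploit or macro is driving the
# parent rather than the user. This allowlist is an assumption; tune it to the
# versions you actually run.
EXPECTED_CHILDREN = {
    "iexplore.exe": {"iexplore.exe"},
    "winword.exe": {"splwow64.exe"},
    "excel.exe": {"splwow64.exe"},
}

# "name.docx.enc": a user-document extension followed by a foreign suffix.
USER_DOC_EXT = r"(?:docx?|xlsx?|pptx?|pdf|jpe?g|png|txt)"
DOUBLE_EXT = re.compile(r"\." + USER_DOC_EXT + r"\.[A-Za-z0-9]{2,16}$", re.I)
RENAME_THRESHOLD = 3  # distinct renamed user files before one process is flagged


def unexpected_children(events):
    """Return (pid, parent, child) for children outside the parent's allowlist."""
    alerts = []
    for e in events:
        if e["eid"] != 1:
            continue
        allowed = EXPECTED_CHILDREN.get(e["parent"].lower())
        if allowed is not None and e["image"].lower() not in allowed:
            alerts.append((e["pid"], e["parent"], e["image"]))
    return alerts


def extension_changers(events, threshold=RENAME_THRESHOLD):
    """Map pid -> written paths for processes that re-suffixed >= threshold user files."""
    per_pid = defaultdict(list)
    for e in events:
        if e["eid"] == 11 and DOUBLE_EXT.search(e["target"]):
            per_pid[e["pid"]].append(e["target"])
    return {pid: paths for pid, paths in per_pid.items() if len(paths) >= threshold}


def run(events):
    """Run both checks and return their findings keyed by signature name."""
    return {
        "unexpected_child": unexpected_children(events),
        "extension_change": extension_changers(events),
    }


if __name__ == "__main__":
    for name, hits in run(EVENTS).items():
        print(name, hits)
```

The second check keys on the double extension rather than on one known suffix, because the suffix is the part a family changes most cheaply; the threshold keeps a single legitimate "report.docx.bak" from firing. Correlating the two findings on the same PID, as happens for 1300 here, is what raises a pair of medium-confidence hits to a ransomware verdict.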