magniber | 378aaaf87dd28992eb2dff01fde5698ac9d10ab28cb8cf6fb28956639261f77b

General

Target

Magniber Windows update ransom sample.zip
Size

71KB
Sample

230906-cxsq9acg6t
MD5

ad0e710e6f975104d81f7871e0b9b82b
SHA1

20610fb3dc3d7219c270215593795f1dd25ce74c
SHA256

378aaaf87dd28992eb2dff01fde5698ac9d10ab28cb8cf6fb28956639261f77b
SHA512

e988059b55848667810930b50153230dacfe79a17da28cf5224c2531e6f9f669acfbccbd858091028473f9d0e8ad446d71faa8d3b80e44b9f5b124dcc594f9ae
SSDEEP

1536:atjQVxyWGNUJ01V6GeG32QKgZESkIg1jhdCFNdko5onUWY:ax2xJGNPb6zGIp0Nuo5o+

Score

10^/10

magniber ransomware

Malware Config

Targets

- Target
  
  Win10.0_System_Upgrade_Software (1).msi
- Size
  
  96KB
- MD5
  
  6c120194a2f94ef993950e55bd00108b
- SHA1
  
  670b20bf3be343efec6a162c3fc5443c9ec0f367
- SHA256
  
  48b9a931b49c1b20ec23f182246b937265e735937c2d798f9f2fee557018b629
- SHA512
  
  b4976bd4ba4bc3092ac924cbd7423e27a73aa926282f3fa36ba14892defec5e8fec2f6460fbcbb03ee4b7831610d45dd7290dd12ab61a8ce24911f51879494ae
- SSDEEP
  
  1536:9w6uKzgNtoaIbxxmNDMOVASySUXFmff0D80Dq7fx5:9kKzkYs3SSyS+UbLx5
Score

10^/10

magniber ransomware
- Detect magniber ransomware
- Magniber Ransomware
  Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
  ransomware magniber
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (83) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Win10.0_System_Upgrade_Software.msi
- Size
  
  92KB
- MD5
  
  108c1a102c58234f4cda627079df75c3
- SHA1
  
  21d6f08bd6bab100eb0b1a09c806c78577ec5b25
- SHA256
  
  a0e41e8c856a4e7a71893abf513b6ebefde78dd81b37e560a29cf25a83b9df9b
- SHA512
  
  0f4476005fa08acf212e1ec8bb548a9503a998e063e048de9cce438500f13ff5a98acac8ba4c3eeaf5572b583c6da9e2af23e23e3971675e260c628c2d6afb9b
- SSDEEP
  
  1536:hzzvCgcyW/eh+qZR1alA9Dh0naIk2maifvWxWxWrspnfp+0D80Duu7fxFa:R1cz2h+gilA1fp3LxFa
Score

10^/10

magniber ransomware
- Detect magniber ransomware
- Magniber Ransomware
  Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
  ransomware magniber
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral3 behavioral4