magniber | 553e833cf333ad707a9aa18e01f6d9d4fca8935b92f15c5ddfee379eabcb9efa

General

Target

dd6d5b77ea31de026c8bfb867f14ed70
Size

38KB
Sample

231220-s8za6secc8
MD5

dd6d5b77ea31de026c8bfb867f14ed70
SHA1

7865af12c34f87e095ff70812eb753cf3f944449
SHA256

553e833cf333ad707a9aa18e01f6d9d4fca8935b92f15c5ddfee379eabcb9efa
SHA512

45f361bd370f83d07de54f21ea1beacca8fe98e12a1051f37dc8e690481675d838620d3a2cca107007981b30795afe2240de0ffff58dc3265d8e259c0fe6b220
SSDEEP

768:tpB71V2b/CK1xbFHq4VPQz+oNOOs792CZ9xJS/DR1snrFqJknw/Agw:B1S/CMbFrVPQCoDC2CbxO91qrFqSnw4g

Score

10^/10

magniber ransomware

Malware Config

Extracted

Path

C:\Users\Admin\Pictures\readme.txt

Family

magniber

Ransom Note

ALL YOUR DOCUMENTS PHOTOS DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED! ==================================================================================================== Your files are NOT damaged! Your files are modified only. This modification is reversible. The only 1 way to decrypt your files is to receive the private key and decryption program. Any attempts to restore your files with the third party software will be fatal for your files! ==================================================================================================== To receive the private key and decryption program follow the instructions below: 1. Download "Tor Browser" from https://www.torproject.org/ and install it. 2. In the "Tor Browser" open your personal page here: http://0490ce38e86452609fjqzqma.r4vwwgioac7x2ftfglttr7qst265edv6rhmsdmjdgt6wxzuhgx4ynfid.onion/fjqzqma Note! This page is available via "Tor Browser" only. ==================================================================================================== Also you can use temporary addresses on your personal page without using "Tor Browser": http://0490ce38e86452609fjqzqma.phoneis.website/fjqzqma http://0490ce38e86452609fjqzqma.donehim.space/fjqzqma http://0490ce38e86452609fjqzqma.lessmod.quest/fjqzqma http://0490ce38e86452609fjqzqma.fixkeys.top/fjqzqma Note! These are temporary addresses! They will be available for a limited amount of time!

URLs

http://0490ce38e86452609fjqzqma.r4vwwgioac7x2ftfglttr7qst265edv6rhmsdmjdgt6wxzuhgx4ynfid.onion/fjqzqma

http://0490ce38e86452609fjqzqma.phoneis.website/fjqzqma

http://0490ce38e86452609fjqzqma.donehim.space/fjqzqma

http://0490ce38e86452609fjqzqma.lessmod.quest/fjqzqma

http://0490ce38e86452609fjqzqma.fixkeys.top/fjqzqma

Targets

- Target
  
  dd6d5b77ea31de026c8bfb867f14ed70
- Size
  
  38KB
- MD5
  
  dd6d5b77ea31de026c8bfb867f14ed70
- SHA1
  
  7865af12c34f87e095ff70812eb753cf3f944449
- SHA256
  
  553e833cf333ad707a9aa18e01f6d9d4fca8935b92f15c5ddfee379eabcb9efa
- SHA512
  
  45f361bd370f83d07de54f21ea1beacca8fe98e12a1051f37dc8e690481675d838620d3a2cca107007981b30795afe2240de0ffff58dc3265d8e259c0fe6b220
- SSDEEP
  
  768:tpB71V2b/CK1xbFHq4VPQz+oNOOs792CZ9xJS/DR1snrFqJknw/Agw:B1S/CMbFrVPQCoDC2CbxO91qrFqSnw4g
Score

10^/10

magniber ransomware
- Detect magniber ransomware
- Magniber Ransomware
  Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
  ransomware magniber
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (57) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2