General

  • Target

    53e5fc2375ca90b7345c7533aa34e7cb

  • Size

    38KB

  • Sample

    231222-c3lvwsgeeq

  • MD5

    53e5fc2375ca90b7345c7533aa34e7cb

  • SHA1

    e52901f32031dea26e087ea28a22b11324fe2616

  • SHA256

    5642ad44f0697e5c7d1c09a862bc32bd0e7da73e8ed717899b111fe5ce61a713

  • SHA512

    9512625afdc6f9547af0bd5d47661c2f3cf2cac7abec50393b906bfc9b01ea7878260db49a41cb69c1aadbac65cd38b203faa94e0cfb51e40dcb7e6c801b9fb4

  • SSDEEP

    768:fESk4VQoQCC3cHHrnZOVSJbNZoMzODqY3PnwZDZe7nmoot9kq3W33WuZEcSfuC:fDk1RCCMHVOeH3OvwZF+nct9kqGHWuYp

Score
10/10

Malware Config

Extracted

Path

C:\Users\Admin\Pictures\readme.txt

Family

magniber

Ransom Note
ALL YOUR DOCUMENTS PHOTOS DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED!

====================================================================================================

Your files are NOT damaged! Your files are modified only. This modification is reversible.

The only 1 way to decrypt your files is to receive the private key and decryption program.

Any attempts to restore your files with the third party software will be fatal for your files!

====================================================================================================

To receive the private key and decryption program follow the instructions below:

1. Download "Tor Browser" from https://www.torproject.org/ and install it.

2. In the "Tor Browser" open your personal page here:

http://e04064b8ee7c56d05aowpynsoc.ypajgycpauisibmmq6en2xd6z6doiiwxitzhwbu2zmxfxwjcumvirbad.onion/owpynsoc

Note! This page is available via "Tor Browser" only.

====================================================================================================

Also you can use temporary addresses on your personal page without using "Tor Browser":

http://e04064b8ee7c56d05aowpynsoc.coldsum.space/owpynsoc
http://e04064b8ee7c56d05aowpynsoc.datesat.site/owpynsoc
http://e04064b8ee7c56d05aowpynsoc.outplea.xyz/owpynsoc
http://e04064b8ee7c56d05aowpynsoc.outwest.top/owpynsoc

Note! These are temporary addresses! They will be available for a limited amount of time!
URLs

http://e04064b8ee7c56d05aowpynsoc.ypajgycpauisibmmq6en2xd6z6doiiwxitzhwbu2zmxfxwjcumvirbad.onion/owpynsoc

http://e04064b8ee7c56d05aowpynsoc.coldsum.space/owpynsoc

http://e04064b8ee7c56d05aowpynsoc.datesat.site/owpynsoc

http://e04064b8ee7c56d05aowpynsoc.outplea.xyz/owpynsoc

http://e04064b8ee7c56d05aowpynsoc.outwest.top/owpynsoc

Targets

    • Target

      53e5fc2375ca90b7345c7533aa34e7cb

    • Size

      38KB

    • MD5

      53e5fc2375ca90b7345c7533aa34e7cb

    • SHA1

      e52901f32031dea26e087ea28a22b11324fe2616

    • SHA256

      5642ad44f0697e5c7d1c09a862bc32bd0e7da73e8ed717899b111fe5ce61a713

    • SHA512

      9512625afdc6f9547af0bd5d47661c2f3cf2cac7abec50393b906bfc9b01ea7878260db49a41cb69c1aadbac65cd38b203faa94e0cfb51e40dcb7e6c801b9fb4

    • SSDEEP

      768:fESk4VQoQCC3cHHrnZOVSJbNZoMzODqY3PnwZDZe7nmoot9kq3W33WuZEcSfuC:fDk1RCCMHVOeH3OvwZF+nct9kqGHWuYp

    Score

    10/10

    • Detect magniber ransomware

    • Magniber Ransomware

      Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (66) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks