magniber | fd4a482cc2d1469c31a4bed466d4acf717ecaa83af1abd677198d254ee25bf22

General

Target

7b598815af2522938f6bc3fb53010cc0
Size

38KB
Sample

231222-jvbhhscgaj
MD5

7b598815af2522938f6bc3fb53010cc0
SHA1

76b6d116179c3cd38f1b715fe1778290eb87c676
SHA256

fd4a482cc2d1469c31a4bed466d4acf717ecaa83af1abd677198d254ee25bf22
SHA512

5e3fe2689dd31b1c488256f332c829bab3e97ba89fba020a423130af13657e21341514d38f7cc33a636e47fb07294083d351d09c7887c4792fc0f1026523210a
SSDEEP

768:B51I4cnvHkMeaEIwCrbjvkTlmx3El3xF00ydemHlTfLIt3GeMdE:31Ix/eaZwCXjvY5/F7ygmRfLIt3GFE

Score

10^/10

magniber ransomware

Malware Config

Extracted

Path

C:\Users\Admin\Pictures\readme.txt

Family

magniber

Ransom Note

ALL YOUR DOCUMENTS PHOTOS DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED! ==================================================================================================== Your files are NOT damaged! Your files are modified only. This modification is reversible. The only 1 way to decrypt your files is to receive the private key and decryption program. Any attempts to restore your files with the third party software will be fatal for your files! ==================================================================================================== To receive the private key and decryption program follow the instructions below: 1. Download "Tor Browser" from https://www.torproject.org/ and install it. 2. In the "Tor Browser" open your personal page here: http://f86400602a20fa609ddihwvy.ypajgycpauisibmmq6en2xd6z6doiiwxitzhwbu2zmxfxwjcumvirbad.onion/ddihwvy Note! This page is available via "Tor Browser" only. ==================================================================================================== Also you can use temporary addresses on your personal page without using "Tor Browser": http://f86400602a20fa609ddihwvy.outwest.top/ddihwvy http://f86400602a20fa609ddihwvy.coldsum.space/ddihwvy http://f86400602a20fa609ddihwvy.datesat.site/ddihwvy http://f86400602a20fa609ddihwvy.outplea.xyz/ddihwvy Note! These are temporary addresses! They will be available for a limited amount of time!

URLs

http://f86400602a20fa609ddihwvy.ypajgycpauisibmmq6en2xd6z6doiiwxitzhwbu2zmxfxwjcumvirbad.onion/ddihwvy

http://f86400602a20fa609ddihwvy.outwest.top/ddihwvy

http://f86400602a20fa609ddihwvy.coldsum.space/ddihwvy

http://f86400602a20fa609ddihwvy.datesat.site/ddihwvy

http://f86400602a20fa609ddihwvy.outplea.xyz/ddihwvy

Targets

- Target
  
  7b598815af2522938f6bc3fb53010cc0
- Size
  
  38KB
- MD5
  
  7b598815af2522938f6bc3fb53010cc0
- SHA1
  
  76b6d116179c3cd38f1b715fe1778290eb87c676
- SHA256
  
  fd4a482cc2d1469c31a4bed466d4acf717ecaa83af1abd677198d254ee25bf22
- SHA512
  
  5e3fe2689dd31b1c488256f332c829bab3e97ba89fba020a423130af13657e21341514d38f7cc33a636e47fb07294083d351d09c7887c4792fc0f1026523210a
- SSDEEP
  
  768:B51I4cnvHkMeaEIwCrbjvkTlmx3El3xF00ydemHlTfLIt3GeMdE:31Ix/eaZwCXjvY5/F7ygmRfLIt3GFE
Score

10^/10

magniber ransomware
- Detect magniber ransomware
- Magniber Ransomware
  Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
  ransomware magniber
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (80) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2