General
-
Target
2024-02-16_a33c5d4ac7ac9fad76d5bc2178ccace3_magniber
-
Size
2.1MB
-
Sample
240216-s8y1each6s
-
MD5
a33c5d4ac7ac9fad76d5bc2178ccace3
-
SHA1
1e0255b736db7fa4214003aa12716f8e59d75066
-
SHA256
b478c984d3723dc03f08b5f98dc28c4e9af01af42d3cc1c8a09471e9d9011ed0
-
SHA512
d74e2ba52687d31dabd5f7751ac12a39096b9ee61b20c8c7feaebef93b3f3e881a528a5b8d91ac950794cce0d2ee1e41b13dbf1512bfca7a0e4d471475809d44
-
SSDEEP
49152:V0r4wrcRjV4WcxG2SnksRH4givBA1N8IQgZmtf/nnH:S8woRj9cxGxkq4/vBAIIQXnnH
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-16_a33c5d4ac7ac9fad76d5bc2178ccace3_magniber.exe
Resource
win7-20231215-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2024-02-16_a33c5d4ac7ac9fad76d5bc2178ccace3_magniber
-
Size
2.1MB
-
MD5
a33c5d4ac7ac9fad76d5bc2178ccace3
-
SHA1
1e0255b736db7fa4214003aa12716f8e59d75066
-
SHA256
b478c984d3723dc03f08b5f98dc28c4e9af01af42d3cc1c8a09471e9d9011ed0
-
SHA512
d74e2ba52687d31dabd5f7751ac12a39096b9ee61b20c8c7feaebef93b3f3e881a528a5b8d91ac950794cce0d2ee1e41b13dbf1512bfca7a0e4d471475809d44
-
SSDEEP
49152:V0r4wrcRjV4WcxG2SnksRH4givBA1N8IQgZmtf/nnH:S8woRj9cxGxkq4/vBAIIQXnnH
-
Modifies firewall policy service
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5