General
-
Target
2024-02-18_f3a99faf0b6b24a8ce136a67cf1c7c3c_magniber
-
Size
1.1MB
-
Sample
240218-p46mxaab91
-
MD5
f3a99faf0b6b24a8ce136a67cf1c7c3c
-
SHA1
1ad1748c5b525caa71cf5b029371895d21191eab
-
SHA256
ffa724f8eb4f9c8521c99372da9b7ba0137d7b60b3406275c26f8e0400b3be73
-
SHA512
34b5263a5a459911d88bf828d56f1d89d15c28cacfb7ed0c188a1d19e3e83b0f9f1ea45e4793ebba838273b9d9435c31531892c007f42c992c5c770ecfac5a6e
-
SSDEEP
24576:g97CreN7inwWTHeIDUpuNIHsARhlUw6C5E+VzP9qEAipxBz:g97NI9UpuyHsAdbvE+d8YxJ
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-18_f3a99faf0b6b24a8ce136a67cf1c7c3c_magniber.exe
Resource
win7-20231215-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2024-02-18_f3a99faf0b6b24a8ce136a67cf1c7c3c_magniber
-
Size
1.1MB
-
MD5
f3a99faf0b6b24a8ce136a67cf1c7c3c
-
SHA1
1ad1748c5b525caa71cf5b029371895d21191eab
-
SHA256
ffa724f8eb4f9c8521c99372da9b7ba0137d7b60b3406275c26f8e0400b3be73
-
SHA512
34b5263a5a459911d88bf828d56f1d89d15c28cacfb7ed0c188a1d19e3e83b0f9f1ea45e4793ebba838273b9d9435c31531892c007f42c992c5c770ecfac5a6e
-
SSDEEP
24576:g97CreN7inwWTHeIDUpuNIHsARhlUw6C5E+VzP9qEAipxBz:g97NI9UpuyHsAdbvE+d8YxJ
-
Modifies firewall policy service
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5Pre-OS Boot
1Bootkit
1