General
-
Target
2024-02-20_ae6b0d6747af6e8941e2b620daab8eae_magniber
-
Size
3.5MB
-
Sample
240220-gerhpacb4v
-
MD5
ae6b0d6747af6e8941e2b620daab8eae
-
SHA1
229f177f2cc869755b9fdbeb885f35103de20162
-
SHA256
4cb9f5674ec4597b651ee14c8999badaa76429f7c26ca81296b7c09569899ba9
-
SHA512
cdf410ff32d3aad3ce8a5289aa7fd0492ef99f3de53201ba13375e4bfc873404a44a837a42cb138ec96fd3142bc03da5ba59035bf4d626146bf27c3c10f61e01
-
SSDEEP
49152:UV7NOj20EwwqPPyvm1K61W6v/+HndvR/49IHY4v/:UFhwwil2Hndv
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-20_ae6b0d6747af6e8941e2b620daab8eae_magniber.exe
Resource
win7-20231215-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2024-02-20_ae6b0d6747af6e8941e2b620daab8eae_magniber
-
Size
3.5MB
-
MD5
ae6b0d6747af6e8941e2b620daab8eae
-
SHA1
229f177f2cc869755b9fdbeb885f35103de20162
-
SHA256
4cb9f5674ec4597b651ee14c8999badaa76429f7c26ca81296b7c09569899ba9
-
SHA512
cdf410ff32d3aad3ce8a5289aa7fd0492ef99f3de53201ba13375e4bfc873404a44a837a42cb138ec96fd3142bc03da5ba59035bf4d626146bf27c3c10f61e01
-
SSDEEP
49152:UV7NOj20EwwqPPyvm1K61W6v/+HndvR/49IHY4v/:UFhwwil2Hndv
-
Modifies firewall policy service
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5Pre-OS Boot
1Bootkit
1