General
Target: 2024-02-22_b89cea0244642959a8a49b8fbac2e641_magniber
Size: 6.1MB
Sample: 240222-t6flqace6z
MD5: b89cea0244642959a8a49b8fbac2e641
SHA1: 31cb46b802b67752384bcf7213b53a5578da36c2
SHA256: 4a6a85d268aa7bf2c6248320ac094b8a2566787a1c7f0a07598d2fcb25937791
SHA512: 0b4860f09831254c7bffd53ec3423569bd32b631200be1a4a2fefeb18fc3a206b90763bac36e6b074dcf96bead76dda0b78cab9310e8b9ad8c7ec76ef04ae52f
SSDEEP: 98304:zAooCuZDq0JMSDdMyWItfxzNj2lvnvXUU7uSmnhR9Qd:qCuAsT2xnvXtDOhRK
Static task: static1
Behavioral task: behavioral1
Sample: 2024-02-22_b89cea0244642959a8a49b8fbac2e641_magniber.exe
Resource: win7-20240221-en
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can rewrite Authenticode and cryptography-related registry keys, such as SIP and trust-provider registrations, so that their binary passes as validly signed.
- Sets service image path in registry
- Stops running service(s)
- Checks BIOS information in registry
  BIOS information is often read from the registry to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Persistence
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 2
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
  Pre-OS Boot (T1542): 1
    Bootkit (T1542.003): 1
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 2
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
Defense Evasion
  Impair Defenses (T1562): 1
  Modify Registry (T1112): 3
  Pre-OS Boot (T1542): 1
    Bootkit (T1542.003): 1
  Subvert Trust Controls (T1553): 2
    Install Root Certificate (T1553.004): 1
    SIP and Trust Provider Hijacking (T1553.003): 1
  Virtualization/Sandbox Evasion (T1497): 1