magniber | c7d0dd48bc5c3d78570fa583b6c05ec65202c6abb9d6bcf1a1bb7c5d5b74e091

General

Target

db6e1b6448189f395724004a5465ce8c
Size

38KB
Sample

240321-msp5nsbb8v
MD5

db6e1b6448189f395724004a5465ce8c
SHA1

96ae8d941c0f4a4f57e0c2e621ee57e82ccd88e4
SHA256

c7d0dd48bc5c3d78570fa583b6c05ec65202c6abb9d6bcf1a1bb7c5d5b74e091
SHA512

330f7b442764c93f9e972c95ac68dffce44a58fc0c56348b0d5169a5a7ba34ddce6dca5ee5f6d7fa1751cffdebec76f128cae9dbc182c807211a91c7bf2f9532
SSDEEP

768:Hxk0dnXaA0tiqdwmWlCh+o6pMauVwhQg63nJC0fGu+/wpQO9Jp1Lwu:C0otY9iH3auVwKgcJPkJO7

Score

10^/10

magniber ransomware

Malware Config

Extracted

Path

C:\Users\Admin\Pictures\readme.txt

Family

magniber

Ransom Note

ALL YOUR DOCUMENTS PHOTOS DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED! ==================================================================================================== Your files are NOT damaged! Your files are modified only. This modification is reversible. The only 1 way to decrypt your files is to receive the private key and decryption program. Any attempts to restore your files with the third party software will be fatal for your files! ==================================================================================================== To receive the private key and decryption program follow the instructions below: 1. Download "Tor Browser" from https://www.torproject.org/ and install it. 2. In the "Tor Browser" open your personal page here: http://00c04840242cfc406ecytywyhto.ntjflrx6uhwcmfhnn3yewv2wfhtqtjyfkvyrvjz4wuo6uw33yw7sfiid.onion/cytywyhto Note! This page is available via "Tor Browser" only. ==================================================================================================== Also you can use temporary addresses on your personal page without using "Tor Browser": http://00c04840242cfc406ecytywyhto.bitslet.uno/cytywyhto http://00c04840242cfc406ecytywyhto.canyour.xyz/cytywyhto http://00c04840242cfc406ecytywyhto.dogper.space/cytywyhto http://00c04840242cfc406ecytywyhto.ballcan.xyz/cytywyhto Note! These are temporary addresses! They will be available for a limited amount of time!

URLs

http://00c04840242cfc406ecytywyhto.ntjflrx6uhwcmfhnn3yewv2wfhtqtjyfkvyrvjz4wuo6uw33yw7sfiid.onion/cytywyhto

http://00c04840242cfc406ecytywyhto.bitslet.uno/cytywyhto

http://00c04840242cfc406ecytywyhto.canyour.xyz/cytywyhto

http://00c04840242cfc406ecytywyhto.dogper.space/cytywyhto

http://00c04840242cfc406ecytywyhto.ballcan.xyz/cytywyhto

Targets

- Target
  
  db6e1b6448189f395724004a5465ce8c
- Size
  
  38KB
- MD5
  
  db6e1b6448189f395724004a5465ce8c
- SHA1
  
  96ae8d941c0f4a4f57e0c2e621ee57e82ccd88e4
- SHA256
  
  c7d0dd48bc5c3d78570fa583b6c05ec65202c6abb9d6bcf1a1bb7c5d5b74e091
- SHA512
  
  330f7b442764c93f9e972c95ac68dffce44a58fc0c56348b0d5169a5a7ba34ddce6dca5ee5f6d7fa1751cffdebec76f128cae9dbc182c807211a91c7bf2f9532
- SSDEEP
  
  768:Hxk0dnXaA0tiqdwmWlCh+o6pMauVwhQg63nJC0fGu+/wpQO9Jp1Lwu:C0otY9iH3auVwKgcJPkJO7
Score

10^/10

magniber ransomware
- Detect magniber ransomware
- Magniber Ransomware
  Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
  ransomware magniber
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (86) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2