General

  • Target

    2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber

  • Size

    4.7MB

  • Sample

    240407-3dh1tahf4x

  • MD5

    1ec78ac0898f63c64eb19b0475e2322e

  • SHA1

    bbbbf53c06c387bf2dbc69d779c20826512d1c8d

  • SHA256

    a70135b3bf5c57e6d39dd6e9b16b25839b679fe0c44254459cfdafa8cabe4519

  • SHA512

    6bb82dfcb3e1a36de9aa362cb9ca7a26eb70a46c2d8aae010d5b73feba0fd18c833051701379c6d03c1897cb5085ada3c541fc548b8f02fc365c355873d4f159

  • SSDEEP

    98304:KqJkdmBucaT57K3C4qJ31B0G0c5S2uf+bGhGmv5:L2dV7VK8tj0QufMC

Targets

    • Target

      2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber

    • Renames multiple (5962) files with added filename extension

      Appending the same extension to thousands of files is characteristic of ransomware encrypting user data. The count reflects the files the sandbox observed being renamed during the run, not necessarily every file on the system; the appended extension recorded in these rename events is the indicator to search for on other hosts.

    • Checks computer location settings

      Looks up the country code configured in the registry, which is typically used as a geofence: the sample can refuse to run, or change behaviour, depending on the victim's locale. This matters for analysis, because a sandbox whose locale falls outside the targeted region may not observe the full payload.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Stored browser profile data can include saved credentials, cookies and history, so this behaviour is usually associated with infostealers. When it appears alongside the mass file renaming above, saved browser credentials on the affected host should be treated as exposed.

    • Drops file in System32 directory
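
The signatures above are derived by the sandbox from hooked file and registry operations. The following is an added example, not the sandbox's own code or the sample's, showing how the four behavioural checks (mass rename with an appended extension, locale lookup in the registry, browser profile reads, writes under System32) can be re-implemented over a constructed event log. The event shape, the file names, the appended ".lrkpqz" extension, the rename threshold and the browser path markers are assumptions chosen for illustration; the registry value names are the ones Windows uses for the configured locale and country.

```python
"""Added example: re-implementing the report's behavioural signatures over a
constructed sandbox event log. Not the sandbox's code; thresholds, paths and
the appended extension are assumptions for illustration."""
from collections import Counter

# Constructed events shaped like what a file/registry hook would emit.
# The victim paths and the ".lrkpqz" extension are made up for the example.
_DOCS = "C:\\Users\\victim\\Documents"
EVENTS = [
    {"op": "rename", "src": f"{_DOCS}\\file{i:02d}.docx",
     "dst": f"{_DOCS}\\file{i:02d}.docx.lrkpqz"}
    for i in range(12)
] + [
    # ordinary rename: the name changes, nothing is appended
    {"op": "rename", "src": f"{_DOCS}\\draft.txt", "dst": f"{_DOCS}\\final.txt"},
    {"op": "regread", "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "regread", "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"},
    {"op": "read", "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"op": "read", "path": r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\cookies.sqlite"},
    {"op": "write", "path": r"C:\Windows\System32\dropped.dll"},
    {"op": "write", "path": r"C:\Users\victim\AppData\Local\Temp\stage.exe"},
]

# Registry values Windows uses for the configured country / locale.
LOCALE_KEYS = {
    r"hkcu\control panel\international\geo\nation",
    r"hkcu\control panel\international\locale",
    r"hklm\system\currentcontrolset\control\nls\language",
}
# Path fragments identifying browser profile directories (assumed marker list).
BROWSER_PROFILE_MARKERS = (
    "\\google\\chrome\\user data\\",
    "\\microsoft\\edge\\user data\\",
    "\\mozilla\\firefox\\profiles\\",
)
MASS_RENAME_THRESHOLD = 10  # assumed; the sandbox's own threshold is not published


def added_extension(src, dst):
    """Return the extension appended to src if dst is exactly src + '.' + ext, else None."""
    if len(dst) > len(src) + 1 and dst.lower().startswith(src.lower() + "."):
        return dst[len(src) + 1:]
    return None


def mass_rename(events, threshold=MASS_RENAME_THRESHOLD):
    """Count renames that only append an extension; report the extensions seen."""
    exts = Counter()
    for ev in events:
        if ev["op"] == "rename":
            ext = added_extension(ev["src"], ev["dst"])
            if ext is not None:
                exts[ext.lower()] += 1
    count = sum(exts.values())
    return {"count": count, "extensions": dict(exts), "hit": count >= threshold}


def geofence_lookup(events):
    """Registry reads of the values that carry the configured country/locale."""
    return [ev["key"] for ev in events
            if ev["op"] == "regread" and ev["key"].lower() in LOCALE_KEYS]


def browser_data_reads(events):
    """File reads inside known browser profile directories."""
    return [ev["path"] for ev in events
            if ev["op"] == "read"
            and any(m in ev["path"].lower() for m in BROWSER_PROFILE_MARKERS)]


def system32_drops(events):
    """File writes under the System32 directory."""
    return [ev["path"] for ev in events
            if ev["op"] == "write"
            and ev["path"].lower().startswith("c:\\windows\\system32\\")]


def run_signatures(events):
    return {
        "mass_rename": mass_rename(events),
        "geofence_lookup": geofence_lookup(events),
        "browser_data_read": browser_data_reads(events),
        "system32_drop": system32_drops(events),
    }


if __name__ == "__main__":
    for name, result in run_signatures(EVENTS).items():
        print(f"{name}: {result}")
```

The rename check deliberately requires the destination to be the source plus a dot and a suffix, so a plain rename such as draft.txt to final.txt is not counted; this is what distinguishes encryption-style renaming from normal file activity. On a real event log, the extension counter is the first thing to look at, since a single dominant appended extension is the indicator to pivot on across other hosts.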

MITRE ATT&CK Enterprise v15
