General

  • Target

    2024-04-07_b97de48c5024d22ca945bda2383555b2_magniber

  • Size

    5.8MB

  • Sample

    240407-v9cvnsad69

  • MD5

    b97de48c5024d22ca945bda2383555b2

  • SHA1

    fc069786bb07c62d871449ca4cca8cdffe6d6b4e

  • SHA256

    1354c1ef785e3d7aef4979b99b39e5886f47e82c1b3409420cb21c56098accab

  • SHA512

    97d58dfd742bbda49a9c8427c8bb0758de1bbec63106df87904f2aefd9c1d47cdd0dbef54e8fcc269eac8f0ba4fbb54b5841f2b023c02c9310baee28861cc0e4

  • SSDEEP

    98304:/YvoKhqqe2nun4wPPPJ+epgFnce4ryC+zEG1O1uFY6MMQS7kGLws:YZhPDMH3hgp9CkE6wKRML3s

Targets

    • Target

      2024-04-07_b97de48c5024d22ca945bda2383555b2_magniber

    • Downloads MZ/PE file

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Checks whether UAC is enabled

    • Checks system information in the registry

      System information is often read in order to detect sandbox environments.

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15