General

  • Target

    2024-04-12_37b70de69e8ea3194be76b41efcb792f_magniber

  • Size

    6.2MB

  • Sample

    240412-kzq97shb73

  • MD5

    37b70de69e8ea3194be76b41efcb792f

  • SHA1

    b176ad9dcaa675b06dd490733247639b95de83ad

  • SHA256

    dc0e63c40650cc179ec013ca06902770416da7be159e3b26f6182c7581471827

  • SHA512

    61cf4ce9d63636fe018a5bbe04c9743f45d9fe0b7291a2875d7e47ecb92355eb6f13eb39a8f839d10c2e1a25d336cef9b75b5efae9141545bf4146c5fdf15624

  • SSDEEP

    98304:+iFOmPlDYwC9Fm7giCU3qCIahwFxc0N0UkqJMgPpkwk+vmpou3aCTDsRpLPYuz7w:xtVC9FjUaCryCk6+fuX6pnrU

Malware Config

Targets

    • Target

      2024-04-12_37b70de69e8ea3194be76b41efcb792f_magniber

    • Size

      6.2MB

    • MD5

      37b70de69e8ea3194be76b41efcb792f

    • SHA1

      b176ad9dcaa675b06dd490733247639b95de83ad

    • SHA256

      dc0e63c40650cc179ec013ca06902770416da7be159e3b26f6182c7581471827

    • SHA512

      61cf4ce9d63636fe018a5bbe04c9743f45d9fe0b7291a2875d7e47ecb92355eb6f13eb39a8f839d10c2e1a25d336cef9b75b5efae9141545bf4146c5fdf15624

    • SSDEEP

      98304:+iFOmPlDYwC9Fm7giCU3qCIahwFxc0N0UkqJMgPpkwk+vmpou3aCTDsRpLPYuz7w:xtVC9FjUaCryCk6+fuX6pnrU

    • Detects executables packed with Themida

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Downloads MZ/PE file

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks