Overview

overview

10

Static

static

3

2024-04-15...er.exe

windows7-x64

10

2024-04-15...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-04-15_31fc507a4b57d985ce9fa5bf87e2ab6b_magniber

  • Size

    6.1MB

  • Sample

    240415-av1yqscd7v

  • MD5

    31fc507a4b57d985ce9fa5bf87e2ab6b

  • SHA1

    fb377dfbe77b632a5601cb754da83a8ee1f9e796

  • SHA256

    3313fc77cc169c39c5ed9e14674a1841fa8e34ee1885088f0b77616967b16717

  • SHA512

    c9c69a405efcf99bc9dcc5a7ad59fd65c2cbc39b9826f23a951e65d81d79109dbf316d50f9fd6613f88b2b3d8b4c09f6db04a7d2b22a29ea664072ae2200cbd3

  • SSDEEP

    98304:x1C2FQkf1PWGq0rUGbT5tmaFvlNdvX5M5vBT8LgeBU:x1Ci9PBnrDbvmwdXpMELgt

Score
10/10
banloaddownloaderdropperevasiontrojan

Malware Config

Targets

    • Target

      2024-04-15_31fc507a4b57d985ce9fa5bf87e2ab6b_magniber

    • Size

      6.1MB

    • MD5

      31fc507a4b57d985ce9fa5bf87e2ab6b

    • SHA1

      fb377dfbe77b632a5601cb754da83a8ee1f9e796

    • SHA256

      3313fc77cc169c39c5ed9e14674a1841fa8e34ee1885088f0b77616967b16717

    • SHA512

      c9c69a405efcf99bc9dcc5a7ad59fd65c2cbc39b9826f23a951e65d81d79109dbf316d50f9fd6613f88b2b3d8b4c09f6db04a7d2b22a29ea664072ae2200cbd3

    • SSDEEP

      98304:x1C2FQkf1PWGq0rUGbT5tmaFvlNdvX5M5vBT8LgeBU:x1Ci9PBnrDbvmwdXpMELgt

    Score
    10/10
    banloaddownloaderdropperevasiontrojan

    • Banload

      Banload variants download malicious files, then install and execute the files.

      trojandropperdownloaderbanload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

3
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

3
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks