98906f72ecef56cec85b9e9ab9e626b3a300d12b94fa3483058eedafeccc80b0 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

2024-04-17...er.exe

windows7-x64

9

2024-04-17...er.exe

windows10-2004-x64

7

Sharing

General

Target

2024-04-17_a160fa14ae6122d05b508ad8ca8b65f8_mafia_magniber
Size

7.2MB
Sample

240417-nhx8zaeg8s
MD5

a160fa14ae6122d05b508ad8ca8b65f8
SHA1

4b3cc9a8ffa48b81d595e7dc2aebb8edbb33f16a
SHA256

98906f72ecef56cec85b9e9ab9e626b3a300d12b94fa3483058eedafeccc80b0
SHA512

ba0ef150b474135bbd4a6040a902e70a386078f63ba3531ba2076224d05122de8b12ca3ec985570650d98aa9bc69cfbf88c910ab862e06b54b14927a6519fe49
SSDEEP

196608:CoTZvEvmyX/rboITFerHWrKVo1wRuNBuyRMvypdW:CEEvmyX/rbtTFeYAEuyRMapA

Score

9^/10

discovery persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

2024-04-17_a160fa14ae6122d05b508ad8ca8b65f8_mafia_magniber.exe

Resource

win7-20240221-en

discovery persistence ransomware

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-17_a160fa14ae6122d05b508ad8ca8b65f8_mafia_magniber.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-04-17_a160fa14ae6122d05b508ad8ca8b65f8_mafia_magniber
- Size
  
  7.2MB
- MD5
  
  a160fa14ae6122d05b508ad8ca8b65f8
- SHA1
  
  4b3cc9a8ffa48b81d595e7dc2aebb8edbb33f16a
- SHA256
  
  98906f72ecef56cec85b9e9ab9e626b3a300d12b94fa3483058eedafeccc80b0
- SHA512
  
  ba0ef150b474135bbd4a6040a902e70a386078f63ba3531ba2076224d05122de8b12ca3ec985570650d98aa9bc69cfbf88c910ab862e06b54b14927a6519fe49
- SSDEEP
  
  196608:CoTZvEvmyX/rboITFerHWrKVo1wRuNBuyRMvypdW:CEEvmyX/rbtTFeYAEuyRMapA
Score

9^/10

discovery persistence ransomware
- Detects executables containing SQL queries to confidential data stores. Observed in infostealers
- Detects executables containing possible sandbox analysis VM usernames
- Renames multiple (595) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceransomware

behavioral2

© 2018-2024

Terms | Privacy