General
-
Target
2024-04-19_8740a387ed73d32e8e736adcde684843_magniber_revil
-
Size
5.4MB
-
Sample
240419-qqnevade54
-
MD5
8740a387ed73d32e8e736adcde684843
-
SHA1
66c043c05ea761996c066ac5b847f780c5a9c5de
-
SHA256
ee6cb9454f2a4430b8e4f82eda094645c56a9fa194d872854cbebe2634a7fd29
-
SHA512
97a9eb37f96b19678464e4d30bd18291b4652b5383d8f324bea239484eaa153f147f2ee116a58f2b0c4f2a6581f799a7fe1c337043a0bae963d1a84ea1d02553
-
SSDEEP
98304:EA3utc4HTUfGJeO3ADxzbWtbsTZlVkAh0YdtLltLvWf/EtK:7uc4QjVHWClVkAXLlFIx
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-19_8740a387ed73d32e8e736adcde684843_magniber_revil.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
2024-04-19_8740a387ed73d32e8e736adcde684843_magniber_revil.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
2024-04-19_8740a387ed73d32e8e736adcde684843_magniber_revil
Score
8/10
-
Blocklisted process makes network request
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Event Triggered Execution: 1
Change Default File Association: 1
Pre-OS Boot: 1
Bootkit: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Event Triggered Execution: 1
Change Default File Association: 1