General
- Target: 2024-04-23_e8bf7ddfe11907d58e59f02931c785e2_magniber
- Size: 1.2MB
- Sample: 240423-2hblvscd9x
- MD5: e8bf7ddfe11907d58e59f02931c785e2
- SHA1: d43706492de7e3fa0501d52942de33988bab25ef
- SHA256: 00d226f1af9640b720ccc4c136be2b50926f03a912a9a2cbab8b491ede753263
- SHA512: 05e90a0282fd9117e8ce7c3a2b45f3fe5be976bb51ffb794b2c4411cda0778faeaf1297f04fa2840289e918c9ce79a11a47792feff2969a06285f68eb55676e9
- SSDEEP: 24576:JicqGTWZVfvN6aSoGsZwXV22NNNKwhfmH5abENDcCB:SZ1vSoGsZwXV2ExnbENDcC
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-04-23_e8bf7ddfe11907d58e59f02931c785e2_magniber.exe
- Resource: win7-20240215-en
Malware Config
Extracted family: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
- Target: 2024-04-23_e8bf7ddfe11907d58e59f02931c785e2_magniber
Signatures:
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation:
- Create or Modify System Process (1): Windows Service (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)