General
Target: 2024-04-25_11b652a9e6cdeb2200b0d1a051cd8248_mafia_magniber
Size: 7.3MB
Sample: 240425-dz36faed78
MD5: 11b652a9e6cdeb2200b0d1a051cd8248
SHA1: 3f2b3865a2200325f3ee4334000aedbf5eb4a798
SHA256: ed38dae49bbec86fe85d9769f33f830815f29befc6a31d4510fd1db40da93505
SHA512: dc85de71a6ccb1be54401ee02533fdd8febfe2e729bab989df6ab7583bdd08b12c6b99f09f952c3e7541d0ab7bc3b665d137fc47e3f3bc07f779f1494b289f73
SSDEEP: 196608:P8R6s222Cqw2jRNRrhWrKVo1wRuNBuyRMvypdt:9p22fw2jbRrKAEuyRMapH
Static task: static1
Behavioral task: behavioral1
Sample: 2024-04-25_11b652a9e6cdeb2200b0d1a051cd8248_mafia_magniber.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-04-25_11b652a9e6cdeb2200b0d1a051cd8248_mafia_magniber.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: 2024-04-25_11b652a9e6cdeb2200b0d1a051cd8248_mafia_magniber
Score: 9/10

Detects executables containing SQL queries to confidential data stores. Observed in infostealers.

Detects executables containing possible sandbox analysis VM usernames

Renames multiple (52) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.