ed38dae49bbec86fe85d9769f33f830815f29befc6a31d4510fd1db40da93505 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

2024-04-25...er.exe

windows7-x64

9

2024-04-25...er.exe

windows10-2004-x64

7

Sharing

General

Target

2024-04-25_11b652a9e6cdeb2200b0d1a051cd8248_mafia_magniber
Size

7.3MB
Sample

240425-dz36faed78
MD5

11b652a9e6cdeb2200b0d1a051cd8248
SHA1

3f2b3865a2200325f3ee4334000aedbf5eb4a798
SHA256

ed38dae49bbec86fe85d9769f33f830815f29befc6a31d4510fd1db40da93505
SHA512

dc85de71a6ccb1be54401ee02533fdd8febfe2e729bab989df6ab7583bdd08b12c6b99f09f952c3e7541d0ab7bc3b665d137fc47e3f3bc07f779f1494b289f73
SSDEEP

196608:P8R6s222Cqw2jRNRrhWrKVo1wRuNBuyRMvypdt:9p22fw2jbRrKAEuyRMapH

Score

9^/10

discovery ransomware

Static task

static1

Behavioral task

behavioral1

Sample

2024-04-25_11b652a9e6cdeb2200b0d1a051cd8248_mafia_magniber.exe

Resource

win7-20240221-en

discovery ransomware

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-25_11b652a9e6cdeb2200b0d1a051cd8248_mafia_magniber.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-04-25_11b652a9e6cdeb2200b0d1a051cd8248_mafia_magniber
- Size
  
  7.3MB
- MD5
  
  11b652a9e6cdeb2200b0d1a051cd8248
- SHA1
  
  3f2b3865a2200325f3ee4334000aedbf5eb4a798
- SHA256
  
  ed38dae49bbec86fe85d9769f33f830815f29befc6a31d4510fd1db40da93505
- SHA512
  
  dc85de71a6ccb1be54401ee02533fdd8febfe2e729bab989df6ab7583bdd08b12c6b99f09f952c3e7541d0ab7bc3b665d137fc47e3f3bc07f779f1494b289f73
- SSDEEP
  
  196608:P8R6s222Cqw2jRNRrhWrKVo1wRuNBuyRMvypdt:9p22fw2jbRrKAEuyRMapH
Score

9^/10

discovery ransomware
- Detects executables containing SQL queries to confidential data stores. Observed in infostealers
- Detects executables containing possible sandbox analysis VM usernames
- Renames multiple (52) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryransomware

behavioral2

© 2018-2024

Terms | Privacy