1f7cd9aa0b1ca7da749f176dd1e27bec59dccc7a47eca4a0234a96ffd59237bf | Triage

Submit
Reports

Overview

overview

Static

static

2024-04-27...il.exe

windows7-x64

8

2024-04-27...il.exe

windows10-2004-x64

7

Sharing

General

Target

2024-04-27_0fec6e7f658dabd5693071fdeba1bef0_magniber_revil
Size

17.9MB
Sample

240427-ms5kcshe4s
MD5

0fec6e7f658dabd5693071fdeba1bef0
SHA1

dcc3bd498c9fb998b71c060e98001d5c423fc720
SHA256

1f7cd9aa0b1ca7da749f176dd1e27bec59dccc7a47eca4a0234a96ffd59237bf
SHA512

b6c42e946bb73e2d504c2277da24194e020f4f8b7dfc8c010d7cd3b1f559e02cf02a1c53fd5cd6c99045d6f48ee8015c8edaeb09247d1c3e438ffeb084a3c07e
SSDEEP

196608:sGDZ9hB+JsVSeYmvvsqirsYmDwwzuhK+IAsrZOurqN+ElcA9ORd3MM:ZZ9vjVXPsqPtz3jdOurqNjG3

Score

10^/10

bootkit discovery persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2024-04-27_0fec6e7f658dabd5693071fdeba1bef0_magniber_revil.exe

Resource

win7-20240221-en

bootkit discovery persistence spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-27_0fec6e7f658dabd5693071fdeba1bef0_magniber_revil.exe

Resource

win10v2004-20240419-en

bootkit discovery persistence spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-04-27_0fec6e7f658dabd5693071fdeba1bef0_magniber_revil
- Size
  
  17.9MB
- MD5
  
  0fec6e7f658dabd5693071fdeba1bef0
- SHA1
  
  dcc3bd498c9fb998b71c060e98001d5c423fc720
- SHA256
  
  1f7cd9aa0b1ca7da749f176dd1e27bec59dccc7a47eca4a0234a96ffd59237bf
- SHA512
  
  b6c42e946bb73e2d504c2277da24194e020f4f8b7dfc8c010d7cd3b1f559e02cf02a1c53fd5cd6c99045d6f48ee8015c8edaeb09247d1c3e438ffeb084a3c07e
- SSDEEP
  
  196608:sGDZ9hB+JsVSeYmvvsqirsYmDwwzuhK+IAsrZOurqN+ElcA9ORd3MM:ZZ9vjVXPsqPtz3jdOurqNjG3
Score

8^/10

bootkit discovery persistence spyware stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitdiscoverypersistencespywarestealer

behavioral2

bootkitdiscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy