254a4c221d382ae5e47f2134b403d225f0f2010494fbab24689c0c19dd16b3f5 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

2024-04-28...er.exe

windows7-x64

7

2024-04-28...er.exe

windows10-2004-x64

7

Sharing

General

Target

2024-04-28_30663e3b8f0273b857dc2abcc9b0759b_magniber
Size

8.8MB
Sample

240428-e3lw1aga76
MD5

30663e3b8f0273b857dc2abcc9b0759b
SHA1

cd0230b966e9328129a7036e890cf48cfbf43471
SHA256

254a4c221d382ae5e47f2134b403d225f0f2010494fbab24689c0c19dd16b3f5
SHA512

e28e414670eaced37e9b4927467c7bda5f19c54789793c160e38e082ebb18f393b386cd44e4c63f47d26966948d6a81e0cdcc3c9443562cb0abb72fd932e572c
SSDEEP

98304:bmCMLyAw3LNIsVqygGP0w1sBJ1QttoFCqkKq7NO55f0pmsOWrqufezvWq/vUv2Ty:VJBILX6svTCZWfFWrqufezvWqHU1

Score

7^/10

discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

2024-04-28_30663e3b8f0273b857dc2abcc9b0759b_magniber.exe

Resource

win7-20240221-en

discovery spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-28_30663e3b8f0273b857dc2abcc9b0759b_magniber.exe

Resource

win10v2004-20240419-en

discovery spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-04-28_30663e3b8f0273b857dc2abcc9b0759b_magniber
- Size
  
  8.8MB
- MD5
  
  30663e3b8f0273b857dc2abcc9b0759b
- SHA1
  
  cd0230b966e9328129a7036e890cf48cfbf43471
- SHA256
  
  254a4c221d382ae5e47f2134b403d225f0f2010494fbab24689c0c19dd16b3f5
- SHA512
  
  e28e414670eaced37e9b4927467c7bda5f19c54789793c160e38e082ebb18f393b386cd44e4c63f47d26966948d6a81e0cdcc3c9443562cb0abb72fd932e572c
- SSDEEP
  
  98304:bmCMLyAw3LNIsVqygGP0w1sBJ1QttoFCqkKq7NO55f0pmsOWrqufezvWq/vUv2Ty:VJBILX6svTCZWfFWrqufezvWqHU1
Score

7^/10

discovery spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer

© 2018-2024

Terms | Privacy