7109dad9bf6b84cd5f7726c0da2b14d874c406ba7b61615269e8c0c8d0993814 | Triage

Submit
Reports

Overview

overview

Static

static

2024-05-11...xz.exe

windows7-x64

9

2024-05-11...xz.exe

windows10-2004-x64

9

Sharing

General

Target

2024-05-11_571c4af4cedef9b6d90dd0c125dc15ae_magniber_zxxz
Size

5.1MB
Sample

240511-n6yjmsfa6z
MD5

571c4af4cedef9b6d90dd0c125dc15ae
SHA1

9b93f2f375c70d7f65453a6c2a19ff02642b01e9
SHA256

7109dad9bf6b84cd5f7726c0da2b14d874c406ba7b61615269e8c0c8d0993814
SHA512

b96bd93d05d45e20665513ac8fe90f3a8eff2a1e9c350dd869b0c8fca99f0ba38e935db97f198f2bdf31dc9d8a7aab8147f48175bf785f3659f621e8e4a53a7c
SSDEEP

98304:RQvO/XAnnXrv9qCUI48Kbnk48LRYJ5wk4r3z:R76nXrv9qCUI48W3O

Score

10^/10

evasion execution upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2024-05-11_571c4af4cedef9b6d90dd0c125dc15ae_magniber_zxxz.exe

Resource

win7-20240508-en

evasion execution upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-05-11_571c4af4cedef9b6d90dd0c125dc15ae_magniber_zxxz.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-05-11_571c4af4cedef9b6d90dd0c125dc15ae_magniber_zxxz
- Size
  
  5.1MB
- MD5
  
  571c4af4cedef9b6d90dd0c125dc15ae
- SHA1
  
  9b93f2f375c70d7f65453a6c2a19ff02642b01e9
- SHA256
  
  7109dad9bf6b84cd5f7726c0da2b14d874c406ba7b61615269e8c0c8d0993814
- SHA512
  
  b96bd93d05d45e20665513ac8fe90f3a8eff2a1e9c350dd869b0c8fca99f0ba38e935db97f198f2bdf31dc9d8a7aab8147f48175bf785f3659f621e8e4a53a7c
- SSDEEP
  
  98304:RQvO/XAnnXrv9qCUI48Kbnk48LRYJ5wk4r3z:R76nXrv9qCUI48W3O
Score

9^/10

evasion execution upx
- Detects JavaScript files used for persistence and executable or script execution
- UPX dump on OEP (original entry point)
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionexecutionupx

behavioral2

© 2018-2024

Terms | Privacy