0314f637928f25aee967d5bc9bc9f240b83399e3d8cba41d6b11a03582620091 | Triage

Sharing

General

Target

2024-05-23_39a694e4de1e9f828e5ac37badb7d7c6_magniber
Size

26.3MB
Sample

240523-atl37aeg6x
MD5

39a694e4de1e9f828e5ac37badb7d7c6
SHA1

82a9c35c2ea8975f158ad77cca50834dda8cefa3
SHA256

0314f637928f25aee967d5bc9bc9f240b83399e3d8cba41d6b11a03582620091
SHA512

e6c55a8d0f789ce546339ca737063a06972656661ff2c5b5575cdc7f13005156bedc3f6231acbeb27bee0d0bc21fd20419320b1f073561a9169fdb2605d46b28
SSDEEP

786432:9RtgTLKoyCeXJ+Sxr4xONXWoM5qEE2aO/Nmrvd:xgTd4EEI/NGl

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  2024-05-23_39a694e4de1e9f828e5ac37badb7d7c6_magniber
- Size
  
  26.3MB
- MD5
  
  39a694e4de1e9f828e5ac37badb7d7c6
- SHA1
  
  82a9c35c2ea8975f158ad77cca50834dda8cefa3
- SHA256
  
  0314f637928f25aee967d5bc9bc9f240b83399e3d8cba41d6b11a03582620091
- SHA512
  
  e6c55a8d0f789ce546339ca737063a06972656661ff2c5b5575cdc7f13005156bedc3f6231acbeb27bee0d0bc21fd20419320b1f073561a9169fdb2605d46b28
- SSDEEP
  
  786432:9RtgTLKoyCeXJ+Sxr4xONXWoM5qEE2aO/Nmrvd:xgTd4EEI/NGl
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2