General
-
Target
2024-05-23_46da9a5ee56ddd2ac5a19336381040d8_magniber
-
Size
5.1MB
-
Sample
240523-mlxaeadc55
-
MD5
46da9a5ee56ddd2ac5a19336381040d8
-
SHA1
14556e8bb87c00e94a6dc005727227df4792aea3
-
SHA256
566aeb69b6b4d79a4ce000d96d1c5d87c63ca9ecec916afdc39876b4a616903a
-
SHA512
126b7ef6255c47cc5460fab5536549cc9d3ce549fd07ed9949869d4223b528705c593cb303f16d2e9d9db374e0cdc057c9fb049ec7a2e5fa57b6446ad3addd8f
-
SSDEEP
98304:g6vkTEvOI6YbJ8JP6yabDMTwS8g2ZFcu2B/lJJmVYrbJHD527BWG:VnJ6bP5Mg2HGJWE9VQBWG
Malware Config
Targets
-
-
Target
2024-05-23_46da9a5ee56ddd2ac5a19336381040d8_magniber
-
Size
5.1MB
-
MD5
46da9a5ee56ddd2ac5a19336381040d8
-
SHA1
14556e8bb87c00e94a6dc005727227df4792aea3
-
SHA256
566aeb69b6b4d79a4ce000d96d1c5d87c63ca9ecec916afdc39876b4a616903a
-
SHA512
126b7ef6255c47cc5460fab5536549cc9d3ce549fd07ed9949869d4223b528705c593cb303f16d2e9d9db374e0cdc057c9fb049ec7a2e5fa57b6446ad3addd8f
-
SSDEEP
98304:g6vkTEvOI6YbJ8JP6yabDMTwS8g2ZFcu2B/lJJmVYrbJHD527BWG:VnJ6bP5Mg2HGJWE9VQBWG
Score8/10-
Downloads MZ/PE file
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Registers COM server for autorun
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-