General
- Target: 2024-05-27_223a1d228be03d8332fcde7c816ba757_mafia_magniber_revil
- Size: 9.5MB
- Sample: 240527-nhlj6shf2w
- MD5: 223a1d228be03d8332fcde7c816ba757
- SHA1: d859af22da6b1064727f7699b32e1dfcda3f4b69
- SHA256: 48bdcaf01c5274feac44487ac7f480c2d7d41c0fb15ba3fc79ae6fc30834cb38
- SHA512: 07b8b4252ab8d692ce54df9e92bccaa6dfb7467a31acc9fd7a5938619976a453c2a59c0a97e360259549bfa552ae1b1271a3cac480b233c2954b3168c9ffe4d3
- SSDEEP: 196608:fF+D+hL6obPHrvIZLfqrxwdgSb7UFbn/QENiE57I4r//JyM2t:fF+D+hL6obPHrQZLfqdwHqLIE57I47UH
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 2024-05-27_223a1d228be03d8332fcde7c816ba757_mafia_magniber_revil.exe
  - Resource: win7-20240221-en
Behavioral task
- behavioral2
  - Sample: 2024-05-27_223a1d228be03d8332fcde7c816ba757_mafia_magniber_revil.exe
  - Resource: win10v2004-20240426-en
Malware Config
Targets
- Target: 2024-05-27_223a1d228be03d8332fcde7c816ba757_mafia_magniber_revil
Score: 10/10
- Banload: Banload variants download malicious files, then install and execute the files.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext