Overview

overview

10

Static

static

3

2024-05-27...il.exe

windows7-x64

10

2024-05-27...il.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-05-27_223a1d228be03d8332fcde7c816ba757_mafia_magniber_revil

  • Size

    9.5MB

  • Sample

    240527-nhlj6shf2w

  • MD5

    223a1d228be03d8332fcde7c816ba757

  • SHA1

    d859af22da6b1064727f7699b32e1dfcda3f4b69

  • SHA256

    48bdcaf01c5274feac44487ac7f480c2d7d41c0fb15ba3fc79ae6fc30834cb38

  • SHA512

    07b8b4252ab8d692ce54df9e92bccaa6dfb7467a31acc9fd7a5938619976a453c2a59c0a97e360259549bfa552ae1b1271a3cac480b233c2954b3168c9ffe4d3

  • SSDEEP

    196608:fF+D+hL6obPHrvIZLfqrxwdgSb7UFbn/QENiE57I4r//JyM2t:fF+D+hL6obPHrQZLfqdwHqLIE57I47UH

Score
10/10
banloaddownloaderdropperevasiontrojan

Malware Config

Targets

    • Target

      2024-05-27_223a1d228be03d8332fcde7c816ba757_mafia_magniber_revil

    • Size

      9.5MB

    • MD5

      223a1d228be03d8332fcde7c816ba757

    • SHA1

      d859af22da6b1064727f7699b32e1dfcda3f4b69

    • SHA256

      48bdcaf01c5274feac44487ac7f480c2d7d41c0fb15ba3fc79ae6fc30834cb38

    • SHA512

      07b8b4252ab8d692ce54df9e92bccaa6dfb7467a31acc9fd7a5938619976a453c2a59c0a97e360259549bfa552ae1b1271a3cac480b233c2954b3168c9ffe4d3

    • SSDEEP

      196608:fF+D+hL6obPHrvIZLfqrxwdgSb7UFbn/QENiE57I4r//JyM2t:fF+D+hL6obPHrQZLfqdwHqLIE57I47UH

    Score
    10/10
    banloaddownloaderdropperevasiontrojan

    • Banload

      Banload variants download malicious files, then install and execute the files.

      trojandropperdownloaderbanload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks