General
Target: 2024-06-12_909cfdcee4a03c11c7f5091092955f3a_magniber_revil
Size: 33.1MB
Sample: 240612-svgtzazejg
MD5: 909cfdcee4a03c11c7f5091092955f3a
SHA1: 873c42865e4459f72ce093e933a1a254fd5b951f
SHA256: a8e4d28bdc0eb1f642059ada096afc4d63c874f949f63d0386e92acae798d43b
SHA512: 63d6dae0f63edf816a3e15bb071c894d83cf0806d54a6610e254e5080c1cbc03953d1ed9ad87a7e6a5708d50c474ccceeb75ba1b334c063bfdaf564e7d2f2ff6
SSDEEP: 393216:cjACeuSneexdxoPJZeRf2rssK12LaUjdml4+7SmLArqN8Ipf0lBhSkAePYnhbtB:Ujen5d/fbsM58mLGjIpwBPgp
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-06-12_909cfdcee4a03c11c7f5091092955f3a_magniber_revil.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 2024-06-12_909cfdcee4a03c11c7f5091092955f3a_magniber_revil.exe
  Resource: win10v2004-20240611-en
Malware Config
Targets
Target: 2024-06-12_909cfdcee4a03c11c7f5091092955f3a_magniber_revil (33.1MB; same file and hashes as listed under General)
Score: 9/10
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing SQL queries to confidential data stores. Observed in infostealers.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in the registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory