General

  • Target

    2024-06-16_4e4693c60003209053327a6f692a77d4_avoslocker_magniber_revil

  • Size

    6.0MB

  • Sample

    240616-lfnweayard

  • MD5

    4e4693c60003209053327a6f692a77d4

  • SHA1

    342d78fb28169dd70a987ff95e1716fbbbb2cc68

  • SHA256

    3c34a8beaef3f8410fa26e6ac460ca13155fc6095b10277024fd7ff8c39f8415

  • SHA512

    baeee6104846efc490e5062a5df171fe1e6ef8e84ab23abd5eb898fe6e091aed81ec1e8e7c863f68012f5398b69bb05a41eb727f421e526ae4bce6df4ef6f2ad

  • SSDEEP

    98304:S3stJARnrlGCG8z1Anqn4UJw//4ENvIPpHdVorLu4TK/O4YPk6ZD5r:BjQnRT1MEzJ4vItor64Sa8k1r

Malware Config

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks