General
-
Target
MagnusNightV3.exe
-
Size
7.3MB
-
Sample
240619-2a1k1svbjg
-
MD5
9270124369817738671883a3e7cc580d
-
SHA1
c56042daa5f9fe3ad90ef1258da3f76342c73a94
-
SHA256
4a4fc11b4ed315c35827849e28c327c9256d512505c0ff394b9c5af56b86b948
-
SHA512
7c0d81681562eccea82bfd2a8bbb6ef3fd1ef3223094f41e61a459b3e1f48deb81cf8adb9bf3dbbca1c7da55ad5545db041ff5fedcf369ba789d2eceef3b53d4
-
SSDEEP
98304:u3eYgZhUc6OshoKyDvuIYc5AhV+gEc4kZvRLoI0EJfNA3zCUTVv9JT1sOBN3o1pN:uuYS6LOshoKMuIkhVastRL5Di3u01D7w
Behavioral task
behavioral1
Sample
MagnusNightV3.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
MagnusNightV3.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
�Go�-(�.pyc
Resource
win7-20240419-en
Behavioral task
behavioral4
Sample
�Go�-(�.pyc
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
MagnusNightV3.exe
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Hide Artifacts: Hidden Files and Directories
-
-
-
Target
�Go�-(�.pyc
-
Size
1KB
-
MD5
563c4094be015f00c33c14e65ee5a808
-
SHA1
037d3bd629364db187eeae8e91cb6dcebbfabbba
-
SHA256
0c7c4793bf19390577f432810d8a7c7dbc8e08748727dad506459b7f57898638
-
SHA512
07332e4bac4a5e878defce51dc7eec45327297ab9c3dd300f4d2a3bc8d125764452a5992cb483226694ec203a35790a8cdb246703d35e41b78d2f29d84a500db
Score
1/10