General
-
Target
41ef278a866d57e3c81882e4ad7f6d04ae6b066cfd5632120d9ac4332d66753e.msi
-
Size
96KB
-
Sample
240805-lwmchswhmg
-
MD5
42ad49ed99c0d41a820316309bc2c3b3
-
SHA1
f447a72b3cbea72e1b56fda8f44fd9f304b4474a
-
SHA256
41ef278a866d57e3c81882e4ad7f6d04ae6b066cfd5632120d9ac4332d66753e
-
SHA512
4e0af295dc656ad70361363c77646fb899a1ff4a816790959e090125bdba2089eb058dfa2b18bdcede34b45d9420b6f57c0db6aefa32f9799eccec3f163bdf75
-
SSDEEP
1536:kiqCWq/Gf2CJ7ZrhzZr98n+lW0D80D+7fxun:xqCWqu+q8nLLxun
Malware Config
Targets
-
-
Target
41ef278a866d57e3c81882e4ad7f6d04ae6b066cfd5632120d9ac4332d66753e.msi
-
Size
96KB
-
MD5
42ad49ed99c0d41a820316309bc2c3b3
-
SHA1
f447a72b3cbea72e1b56fda8f44fd9f304b4474a
-
SHA256
41ef278a866d57e3c81882e4ad7f6d04ae6b066cfd5632120d9ac4332d66753e
-
SHA512
4e0af295dc656ad70361363c77646fb899a1ff4a816790959e090125bdba2089eb058dfa2b18bdcede34b45d9420b6f57c0db6aefa32f9799eccec3f163bdf75
-
SSDEEP
1536:kiqCWq/Gf2CJ7ZrhzZr98n+lW0D80D+7fxun:xqCWqu+q8nLLxun
Score10/10-
Detect magniber ransomware
-
Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (86) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
System Binary Proxy Execution: Regsvr32
Abuse Regsvr32 to proxy execution of malicious code.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Direct Volume Access
1Indicator Removal
2File Deletion
2System Binary Proxy Execution
2Msiexec
1Regsvr32
1