General
-
Target
a0f95786d74ff238ac3b3b415949ace0N.exe
-
Size
306KB
-
Sample
240827-twamqa1gnl
-
MD5
a0f95786d74ff238ac3b3b415949ace0
-
SHA1
0b5be735058fd69dd45f6cf22fdb2d2905f4cb62
-
SHA256
df8dce1ee7e2c194ff3be88cc11e3ecd69ccfabb9b2ae9beb5e83b55ce628d4a
-
SHA512
29c19dd384f272464fb697713978e3ed31eb0785a459878cabc9f1bad56328b1818470d7ea82d86ab9d9f7d90daaead2de32fe514c9b4254e9e33dbeb4c248f1
-
SSDEEP
3072:VdTfrxerj474EArcIxwgWDaKwAF3kQvlwXIHO6zqf50huP9Vvgmn5NgjFkm:HTjUelArcI2g/2/aXIHOGqh02vgiAkm
Malware Config
Targets
-
-
Target
a0f95786d74ff238ac3b3b415949ace0N.exe
-
Size
306KB
-
MD5
a0f95786d74ff238ac3b3b415949ace0
-
SHA1
0b5be735058fd69dd45f6cf22fdb2d2905f4cb62
-
SHA256
df8dce1ee7e2c194ff3be88cc11e3ecd69ccfabb9b2ae9beb5e83b55ce628d4a
-
SHA512
29c19dd384f272464fb697713978e3ed31eb0785a459878cabc9f1bad56328b1818470d7ea82d86ab9d9f7d90daaead2de32fe514c9b4254e9e33dbeb4c248f1
-
SSDEEP
3072:VdTfrxerj474EArcIxwgWDaKwAF3kQvlwXIHO6zqf50huP9Vvgmn5NgjFkm:HTjUelArcI2g/2/aXIHOGqh02vgiAkm
Score10/10-
Detect magniber ransomware
-
Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Modifies boot configuration data using bcdedit
-
Renames multiple (86) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes System State backups
Uses wbadmin.exe to inhibit system recovery.
-