General

  • Target

    2024-09-01_1b4994093c16ac227c82e93c656f4680_get-user-info_hijackloader_magniber_revil

  • Size

    28.9MB

  • Sample

    240901-mgb4nsyapp

  • MD5

    1b4994093c16ac227c82e93c656f4680

  • SHA1

    bc30c0dddda8b6aaf9fe7ff1fd173e8cd640961d

  • SHA256

    4ef038de745e267a0046b2e9ffd14ead8c2cff3e4a9f0493e8b240b3b05e6411

  • SHA512

    3bceed380418b7b627b6d4d6430df204beebac542761b6289be8096c967f0372670f75625ac122ecae563b2470f2bb376b684bc81603f868d774b436807c31f9

  • SSDEEP

    393216:xKLsNkLB1Eyzzhjc9GZ1nncBC2NqFOvoizJ2jacQu3d0J4rYRZKV1PEr0lR4fjvJ:IoNqEyG9Grfs3zxcQh0o7vYG

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15

Tasks