General

  • Target

    2024-10-25_42bdad9fe64715cc4064eedb705538c8_magniber_nymaim

  • Size

    3.1MB

  • Sample

    241025-lxrcvsxglf

  • MD5

    42bdad9fe64715cc4064eedb705538c8

  • SHA1

    1c7a027e5706accffa51539fbbf6ad8a9788c942

  • SHA256

    3f7b68cff98668eb1392ef4c9c156f5f0db1e3df34ec9cc11136057700476067

  • SHA512

    7dc5b6361b4dc1ba5329467aa838917ddce898ca5f3c796bc1810a608e8e3498ab32b879973de96a78ba8620d45a0e25412fb041b30f44670048a0cc8349d927

  • SSDEEP

    49152:FMDRZ9IBVL+s0ezJGd80SHMsThF35Hj1BzuAhcEC1XoC:FMDtIXLr06AdfEThF35PzuacEQ3

Targets

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.
