General

  • Target

    2024-10-31_fe5c49aa1bde0817c6d0bf114dbcdc25_avoslocker_magniber_revil

  • Size

    6.0MB

  • Sample

    241031-psqgjszmar

  • MD5

    fe5c49aa1bde0817c6d0bf114dbcdc25

  • SHA1

    6662afc1ced3e9b76dd7aa644dd4949c76423dde

  • SHA256

    8e192d4f457019b7294dedab205ba77096275f737f1599508ea05d583f0471b7

  • SHA512

    289fabbf44cfee82bde4e1857bec20728e51a53f4a794cb9e0edd80f90b53bd1456af0c3782c3079527a43686b16d2fe80f11f1aa8f7817a643357a567cf9e50

  • SSDEEP

    98304:KrI1lEAOYB6RJ2dqW8LZJcmZQSAA4zJOi6f4sDw0dGw/RMTjYvH:5XGULEFrcnJzAxf4MFGkiv

Targets

    • Target

      2024-10-31_fe5c49aa1bde0817c6d0bf114dbcdc25_avoslocker_magniber_revil

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence that decides whether the sample runs on this machine.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory
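
The two behaviours above that carry a description (the registry lookup of the configured country code and the reading of browser profile data) are the kind an analyst confirms by replaying a process-monitor trace. The following is an added example, not part of this report or of the sandbox's own signature set: it runs two simple detections over a constructed Procmon-style CSV export. The registry value names (the Windows GeoID under `HKCU\Control Panel\International\Geo\Nation` and the NLS language key) and the browser profile paths are the author's assumptions about what such a check would touch; the log lines, process names and PIDs are constructed, not taken from this sample.

```python
"""Added example: flag location-settings lookups and browser profile reads in a Procmon CSV."""
from __future__ import annotations

import csv
import io
import re
from dataclasses import dataclass

# Registry values a locale/geofence check would read (assumed; Procmon path style, lower-cased).
GEO_KEYS = {
    r"hkcu\control panel\international\geo\nation",
    r"hkcu\control panel\international\geo\name",
    r"hklm\system\currentcontrolset\control\nls\language\default",
}

# Credential/cookie stores in Chromium-family and Firefox profiles (assumed paths).
BROWSER_FILES = re.compile(
    r"\\AppData\\(?:"
    r"Local\\(?:Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)\\User Data\\[^\\]+\\(?:Login Data|Cookies|Web Data)"
    r"|Roaming\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(?:logins\.json|key4\.db|cookies\.sqlite)"
    r")$",
    re.IGNORECASE,
)

# Browsers legitimately read their own profile files; only other processes are suspicious.
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}


@dataclass(frozen=True)
class Finding:
    process: str
    pid: int
    rule: str
    path: str


def triage(procmon_csv: str) -> list[Finding]:
    """Return one Finding per matching event; an empty list means neither rule fired."""
    findings: list[Finding] = []
    for row in csv.DictReader(io.StringIO(procmon_csv)):
        proc, pid, op, path = row["Process Name"], int(row["PID"]), row["Operation"], row["Path"]
        if op == "RegQueryValue" and path.lower() in GEO_KEYS:
            findings.append(Finding(proc, pid, "checks_location_settings", path))
        elif (
            op in ("CreateFile", "ReadFile")
            and BROWSER_FILES.search(path)
            and proc.lower() not in BROWSER_PROCESSES
        ):
            findings.append(Finding(proc, pid, "reads_browser_profile_data", path))
    return findings


# Constructed trace (not from this sample). chrome.exe reading its own Login Data and the
# hosts-file read are benign controls that must not fire.
SAMPLE_TRACE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:02:11.0010","sample.exe","4120","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"10:02:11.0420","sample.exe","4120","CreateFile","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data","SUCCESS","Desired Access: Generic Read"
"10:02:11.0430","chrome.exe","3188","CreateFile","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data","SUCCESS","Desired Access: Generic Read"
"10:02:12.1000","sample.exe","4120","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read"
"10:02:12.2000","sample.exe","4120","CreateFile","C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abc123.default\logins.json","SUCCESS","Desired Access: Generic Read"
'''

if __name__ == "__main__":
    for f in triage(SAMPLE_TRACE):
        print(f"{f.rule:28} {f.process}[{f.pid}] {f.path}")
```

A single `RegQueryValue` of the GeoID is weak evidence on its own (installers and localised software read it too); the report's "likely geofence" wording reflects that, and in practice the hit is weighed together with what the process does immediately afterwards.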

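For the "Writes to the Master Boot Record" signature, the forensic follow-up is to pull sector 0 from the infected disk image and compare it with a known-good copy. The block below is an added example, not part of this report: it parses the 512-byte MBR layout (446 bytes of bootstrap code, four 16-byte partition entries, the 0x55AA signature) and reports anomalies that point to an overwritten or wiped sector. The "clean" bootstrap bytes, the partition entry and the "locker stub" are constructed test data, not code from this sample or from any real bootkit.

```python
"""Added example: parse an MBR and flag signs that it has been overwritten."""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOTSTRAP_SIZE = 446            # bootstrap code area, offsets 0..445
PARTITION_TABLE_OFFSET = 446    # four 16-byte entries, offsets 446..509
BOOT_SIGNATURE = b"\x55\xAA"    # offsets 510..511


@dataclass(frozen=True)
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> list[Partition]:
    """Decode the four partition entries, skipping empty slots."""
    parts: list[Partition] = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # status(1) CHS start(3, skipped) type(1) CHS end(3, skipped) LBA start(4) sector count(4)
        status, type_id, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if type_id == 0 and sectors == 0:
            continue
        parts.append(Partition(status == 0x80, type_id, lba_start, sectors))
    return parts


def check_mbr(mbr: bytes, baseline_bootstrap_sha256: str | None = None) -> list[str]:
    """Return anomaly descriptions; an empty list means the sector looks intact."""
    if len(mbr) != MBR_SIZE:
        return [f"expected {MBR_SIZE} bytes, got {len(mbr)}"]
    findings: list[str] = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 55AA missing: sector overwritten or wiped")
    bootstrap = mbr[:BOOTSTRAP_SIZE]
    if baseline_bootstrap_sha256 and hashlib.sha256(bootstrap).hexdigest() != baseline_bootstrap_sha256:
        findings.append("bootstrap code differs from baseline: possible bootkit or locker code")
    parts = parse_partitions(mbr)
    if not parts:
        findings.append("partition table empty")
    elif not any(p.bootable for p in parts):
        findings.append("no partition marked bootable")
    if parts and len(set(bootstrap)) <= 1:
        findings.append("bootstrap code area is constant-filled on a disk that has partitions")
    return findings


def build_mbr(bootstrap: bytes, entries: list[tuple[int, int, int, int]],
              signature: bytes = BOOT_SIGNATURE) -> bytes:
    """Assemble a test MBR from bootstrap bytes and (status, type, lba_start, sectors) tuples."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries).ljust(64, b"\x00")
    return bootstrap[:BOOTSTRAP_SIZE].ljust(BOOTSTRAP_SIZE, b"\x00") + table + signature


# Constructed fixtures (not real boot code): a deterministic non-constant bootstrap stands in
# for the known-good loader, with one bootable NTFS-type partition starting at LBA 2048.
CLEAN_BOOTSTRAP = bytes(i & 0xFF for i in range(BOOTSTRAP_SIZE))
NTFS_ENTRY = (0x80, 0x07, 2048, 1_000_000)
CLEAN_MBR = build_mbr(CLEAN_BOOTSTRAP, [NTFS_ENTRY])
BASELINE = hashlib.sha256(CLEAN_BOOTSTRAP).hexdigest()
# Same partition table, but the bootstrap was replaced and the signature clobbered.
TAMPERED_MBR = build_mbr(b"\xEB\xFE" + b"constructed locker stub", [NTFS_ENTRY], signature=b"\x00\x00")

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR), ("wiped", bytes(MBR_SIZE))):
        print(name, check_mbr(image, BASELINE) or ["ok"])
```

The baseline hash should come from the same machine before infection (a VM snapshot in a sandbox, or a golden image in production); Windows loaders differ across versions, so a single global hash produces false positives.
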