General
-
Target
2024-11-15_09ecc9f2670ae3f57b62c491ddccee89_luca-stealer_magniber
-
Size
5.7MB
-
Sample
241115-pxbtysthqj
-
MD5
09ecc9f2670ae3f57b62c491ddccee89
-
SHA1
aef08c169e9a17b7a1a07a710a4c1ef834dbc548
-
SHA256
c0321683336eff3967a4a4afd3ab713eb113d29b3425911ea3b9b8351870e35e
-
SHA512
b1d19cffc742f7cbc921d3531fe9b19edcdcd434578b8cc9b9eb22d2500755da5e2bf0dd31469c6e195715dc875c1c510e2aa4b814d7a776155439194564e702
-
SSDEEP
49152:/mlI9H9rY654KYroYJqkhWFUBlNwnFq3kXRsPI6BRY20YZAliDgFL2YmXZjU2P3q:kiH9MfT3NwMkKhBRr0yAk6qkKvs
Static task
static1
Behavioral task
behavioral1
Sample
2024-11-15_09ecc9f2670ae3f57b62c491ddccee89_luca-stealer_magniber.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
2024-11-15_09ecc9f2670ae3f57b62c491ddccee89_luca-stealer_magniber.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
2024-11-15_09ecc9f2670ae3f57b62c491ddccee89_luca-stealer_magniber
Score: 9/10
-
Renames multiple (175) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Deletes itself
-
Executes dropped EXE
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (1)
Credentials In Files (1)