General

  • Target

    2024-11-19_1de429770152617bb2014fc2a5f5f97d_magniber

  • Size

    12.9MB

  • Sample

    241119-ykhamswmdn

  • MD5

    1de429770152617bb2014fc2a5f5f97d

  • SHA1

    dfe914ab3bf7c21a47dee591ef7593983e9d1f82

  • SHA256

    6881080fbae90cfe0b1d8199c017f40848df6a5c6bbab1619c1875298860cb9a

  • SHA512

    c4146fb91c5c5068223d46e08291a04438bff669a5e7f74f9181f697d20cd3d1b8697f9543960a2fd68489475ced21388092b238ad6372de72d3cf6679e89897

  • SSDEEP

    98304:CsDOamaLIgo05sop7cTdmqMh5TYmnbOMt7ZUy6TX0mfse:B6JaLIM592TgqM8Ct9Uy6TX0mke

Malware Config

Targets

    • Renames multiple (316) files with added filename extension

      This suggests ransomware activity: the sample is encrypting the files on the system and renaming them with a new extension.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks