General

  • Target

    2024-11-19_bb29857431dfd2b28c3b1daf37371f3e_magniber

  • Size

    12.9MB

  • Sample

    241119-ywfk7a1nf1

  • MD5

    bb29857431dfd2b28c3b1daf37371f3e

  • SHA1

    8262c15153db5544356085b074935f2b76bc03bf

  • SHA256

    93cb176a090383f8e0dcac71ab9229d826f21359e5c448ffaaa788a383ad5d74

  • SHA512

    f4e67cb78a2cda6725cf4cc9d73c109898359b7cc75a1ead534f0fdf01f7c1924eb74502907ff943011867cb87d54ec24e2d914117c29c9fd1bf5df620d88ec0

  • SSDEEP

    98304:awnLTbGQHY05sop7cTdmqMh5TYmnbOMt7ZUy6TX0mfse:a6TfHX592TgqM8Ct9Uy6TX0mke

Targets

    • Renames multiple (318) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
